Error setting password

dbitouze · May 29, 2019, 10:20am

Context: A fresh install with:

Plone 5.1.5 (5115)
CMF 2.2.12
Zope 2.13.27
Python 2.7.15 (default, May 4 2019, 05:46:04) [GCC 5.5.0]
PIL 5.4.1 (Pillow)
CMFPlacefulWorkflow 1.7.6
webcouturier.dropdownmenu 3.0.2
collective.mass_subscriptions 0.1.1
plone.app.iterate 3.3.10

Issue: If the the page .../passwordreset/... is used, the user gets the
following error:

Sorry, this appears to be an invalid request. Please make sure you copied the
URL exactly as it appears in your email and that you entered your user name
correctly.

but without any error in .../prefs_error_log_form.

Thanks for any hint.

espenmn · May 29, 2019, 10:37am

What do you mean by 'is used'?

Do you mean that you go to:

http://yoursite.com/mail_password_form ?

( or http://yoursite.com/mail_password_form?userid=someid )

dbitouze · May 29, 2019, 11:55am

Sorry to have been so vague: as administrator, I checked in .../@@usergroup-userprefs the box "Reset Password" for one of our users and clicked on "Save". This user received a "Password reset request" email. After clicking on the link:

.../passwordreset/...

given in this email, the user filled the form:

"My email address is"
"New password"
"Confirm password"

and clicked on the button "Set my password". The result was the page ""Error setting password"" with the message given in my OP.

This issue is maybe, though not directly, connected to the other one I described, entitled "AttributeError: 'RequestContainer' object has no attribute 'mail_password_form".

rileydog · May 31, 2019, 12:10am

Hi, I have this same issue. in this discussion: Plone 5.1 soft-released

they mention the same problem; however, in the problem description it is specified the person put in an email that didn't exist. in my case this is true - the user put in an email in the reset that didn't exist in the system.

i just did the same action you did: i sent a reset link. i don't know yet if it worked.

dbitouze · May 31, 2019, 7:41am

Hi Wayne,

In my case, the user email does exist in the system.

In the discussion you mentioned, @espenmn suggested Products.PasswordResetTool (or something similar) [is maybe] missing. It doesn't miss in my case:

$ ls buildout-cache/eggs/ | grep Password
Products.PasswordResetTool-2.2.4-py2.7.egg/

espenmn · May 31, 2019, 10:46am

Probably completely unrelated, but could you try:

• Add a new user and make username and email the same (in other words: use the email as the username)

dbitouze · May 31, 2019, 12:47pm

Quite the contrary, completely related: thanks! If the email is used as username, the password (re)setting works like a charm: quite strange...

IMHO, this bug needs to be fixed:

using the email as username is not very friendly,
being unable for the administrator to reset passwords would be a very missing feature.