Error setting password

Context: A fresh install with:

  • Plone 5.1.5 (5115)
  • CMF 2.2.12
  • Zope 2.13.27
  • Python 2.7.15 (default, May 4 2019, 05:46:04) [GCC 5.5.0]
  • PIL 5.4.1 (Pillow)
  • CMFPlacefulWorkflow 1.7.6
  • webcouturier.dropdownmenu 3.0.2
  • collective.mass_subscriptions 0.1.1
  • 3.3.10

Issue: If the the page .../passwordreset/... is used, the user gets the
following error:

Sorry, this appears to be an invalid request. Please make sure you copied the
URL exactly as it appears in your email and that you entered your user name

but without any error in .../prefs_error_log_form.

Thanks for any hint.

What do you mean by 'is used'?

Do you mean that you go to: ?

( or )

Sorry to have been so vague: as administrator, I checked in .../@@usergroup-userprefs the box "Reset Password" for one of our users and clicked on "Save". This user received a "Password reset request" email. After clicking on the link:


given in this email, the user filled the form:

  • "My email address is"
  • "New password"
  • "Confirm password"

and clicked on the button "Set my password". The result was the page ""Error setting password"" with the message given in my OP.

This issue is maybe, though not directly, connected to the other one I described, entitled "AttributeError: 'RequestContainer' object has no attribute 'mail_password_form".

Hi, I have this same issue. in this discussion: Plone 5.1 soft-released

they mention the same problem; however, in the problem description it is specified the person put in an email that didn't exist. in my case this is true - the user put in an email in the reset that didn't exist in the system.

i just did the same action you did: i sent a reset link. i don't know yet if it worked.

Hi Wayne,

In my case, the user email does exist in the system.

In the discussion you mentioned, @espenmn suggested Products.PasswordResetTool (or something similar) [is maybe] missing. It doesn't miss in my case:

$ ls buildout-cache/eggs/ | grep Password

Probably completely unrelated, but could you try:

• Add a new user and make username and email the same (in other words: use the email as the username)

Quite the contrary, completely related: thanks! If the email is used as username, the password (re)setting works like a charm: quite strange...

IMHO, this bug needs to be fixed:

  • using the email as username is not very friendly,
  • being unable for the administrator to reset passwords would be a very missing feature.