BNETDocs/bnetdocs-web

Password Reset Loop

LogicPlague opened this issue · 2 comments

On password reset, it loops indefinitely. When you click to have the site send you an email to the reset page, the link sent brings you back to the email prompt to send a link to your email to reset your password.

Triaged.

Issue occurs when password reset email template is rendered. The link that is printed in the email is missing the token. The t query argument is empty.

This causes the email to be completely useless to the user, without t the website cannot verify the user actually got the link from the email address associated with the account.

See plaintext email:

Hello redacted,

Someone requested your password to be reset on BNETDocs. If this was you, click
or copy and paste the link below into your web browser to reset your password.

https://bnetdocs.org/user/resetpassword?email=redacted&t=

**Note:** This link will only be available for 24 hours.

If this was not you, then you can safely ignore this email; no action will be
taken.

You may also reply to this email if you believe there is an issue.

If users are having an issue resetting their password, please reach out to me over Discord and I can assist until the bug is resolved.