Password Reminder Link broken on Sandbox
Issue #1902
resolved
The password reminder function in the sandbox is broken. the recovery link (sent to the user via mail) is not valid. Please check if this is true for other puma instances as well. Please determine the cause for the broken link. You will need to create "group" accounts, i.e. accounts with username and password instead of the usual library accounts.
Before you take any action fixing the issue please report back to Stephan with results or questions. The inability to change the password is actually good for the sandbox. However, we should find a nicer way to achieve this (at least a note in the email would be nice). For the other PUMAs we will have to fix it in case they also suffer from that problem.
Comments (5)
-
-
- changed status to open
-
was the PUMA server configured properly?
-
- changed component to webapp
- edited description
-
- changed status to resolved
tomcat-configuration updated
- Log in to comment
The PasswordReminder generates a hash for the user. This particular hash sometimes contains encoded slashes. It looks like the webserver for puma.sanbox denies requests containing encoded slashes '%2F' . I enabled it on my system by adding the following option to the catalina.properties file: " org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true " After that the Reminder-function worked properly.