On 13/02/2017 18:59, Tech wrote:
Hello Francesco, Thanks for your update, we created the notification in the parameters and the template, but we get stuck before the point you were describing: We went through the procedure, the user creates his own account, with an email and a password. For simplicity, we created only one security question. Once he forget the password, he comes back to the EndUser interface and he request to insert the challenge answer. Even if the challenge answer is correct (and I can check that it's correctly stored into the database), we receive an error saying: 18:44:20.883 ERROR org.apache.syncope.client.enduser.resources.UserSelfPasswordReset - Error while updating user java.lang.Exception: A correct security answer should be provided at org.apache.syncope.client.enduser.resources.UserSelfPasswordReset.newResourceResponse(UserSelfPasswordReset.java:76) ~[syncope-client-enduser-2.0.2.jar:2.0.2] [...] But we know that the challenge answer is correct and all in lowercase like in the database, I can't understand why it doesn't find the correct value. Yes, there are a couple of bugs, already fixed with 2.0.3-SNAPSHOT: https://issues.apache.org/jira/browse/SYNCOPE-1012 https://issues.apache.org/jira/browse/SYNCOPE-1013 I think you'd better move to 2.0.3-SNAPSHOT for your tests. Regards. BQ_BEGIN On 19/01/2017 11:22, Francesco Chicchiriccò wrote: BQ_BEGIN On 18/01/2017 14:13, Francesco Chicchiriccò wrote: BQ_BEGIN On 18/01/2017 11:59, Francesco Chicchiriccò wrote: BQ_BEGIN On 18/01/2017 11:38, Tech wrote: BQ_BEGIN Hello, we faced something that could be a bug in version 2.0.1 and version 2.0.2. We created a SecurityQuestion from the Admin interface and the user is prompted to enter one during the creation of his account. The SecurityQuestion is correctly stored into the DB. We "forget" the password and we try to recover it using the interface, but we cannot reset it. This is happening both for existing and new users. Could you please double-check? BQ_END I assume you have already checked https://syncope.apache.org/docs/reference-guide.html#password-reset to understand how the password reset process is expected to work. BQ_END A fundamental part for the outlined procedure to be effective, is to have the notifications in place; see https://syncope.apache.org/docs/reference-guide.html#e-mail-configuration for details. After that user has provided the correct answer to security question via EndUser UI, a notification e-mail based on the 'requestPasswordReset' template is sent; as you can see from the template, an URL for accessing the EndUser UI (containing the unique token generated for such request) is contained in the e-mail. Once clicked there, the process can continue with input of the new password value. Finally, another notification e-mail based on the 'confirmPasswordReset' template is sent out. BQ_END FYI I have updated the password reset information with the further comments above; see https://ci.apache.org/projects/syncope/reference-guide.html#password-reset Regards. BQ_END BQ_END -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
