Password recovery on is broken



8 years ago
6 years ago


(Reporter: crimius, Unassigned)





(1 attachment)



8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)
Build Identifier: 

Users have been reporting that upon attempting to recover their passwords, they get a "bad code for this user, please try again" error.  I've confirmed it myself and get the same bad code error upon inputting a new password.  As it stands, the only way to change your password is if you are already logged in, and users who have forgotten their passwords are SOL since we can't directly change them.

Reproducible: Sometimes

Steps to Reproduce:
1. Go to
2. Input your username
3. Go to your inbox and click the link in the recover password email
4. Input your new password

Actual Results:
The page returns a 'bad code' error, and prompts you to try again.

Comment 1

8 years ago
It seems that it doesn't fail consistently.  First try failed, next succeeded.  Not sure why it would generate a bad code sometimes though.

Created attachment 491123 [details] [diff] [review]
Select password change code directly from master DB

I would guess that this is caused by a delay in the database replication.  I'm not familiar with the specific replication details, but it would be good to know if all slaves are lagging and by how much. Dave, could you get this info for us please?

If the page to input the username loads, then that means that the database used for that page load had the correct verification code. On submission of the form I suppose a different server and/or DB slave is being used and it doesn't yet have the correct verification code in the `users` table.

I have attached an untested patch for a workaround to select the password change code directly from the master DB in case there is not an easy way to speed up replication.
Attachment #491123 - Flags: review?
Attachment #491123 - Flags: review? → review?(telliott)
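
The replication-lag explanation and the read-from-master workaround discussed in the comments above, modeled as an added example; it is not the attached patch or the site's code. The class, function and user names are hypothetical, and a single asynchronous replica is assumed.

```python
import hmac
import secrets


class ReplicatedUsers:
    """Toy model of a `users` table on a primary with one asynchronous replica."""

    def __init__(self):
        self.primary = {}   # username -> current password change code
        self.replica = {}   # lagging copy that serves ordinary reads
        self._pending = []  # writes committed on the primary, not yet replicated

    def issue_reset_code(self, username):
        # Writes always go to the primary; the replica sees them only later.
        code = secrets.token_urlsafe(16)
        self.primary[username] = code
        self._pending.append((username, code))
        return code

    def replicate(self):
        # Apply the backlog to the replica (models replication catching up).
        for username, code in self._pending:
            self.replica[username] = code
        self._pending.clear()

    def verify_code(self, username, submitted, read_from_primary):
        table = self.primary if read_from_primary else self.replica
        stored = table.get(username)
        if stored is None:
            return False
        # Constant-time comparison of the stored and submitted codes.
        return hmac.compare_digest(stored.encode(), submitted.encode())


def demo():
    db = ReplicatedUsers()
    db.issue_reset_code("alice")         # constructed: an earlier request, already replicated
    db.replicate()
    code = db.issue_reset_code("alice")  # new request; the replica still holds the old code
    results = {
        "replica_during_lag": db.verify_code("alice", code, read_from_primary=False),
        "primary_during_lag": db.verify_code("alice", code, read_from_primary=True),
    }
    db.replicate()
    results["replica_after_catch_up"] = db.verify_code("alice", code, read_from_primary=False)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the same code is rejected or accepted depending only on which copy serves the read, which matches a failure that reproduces "sometimes" and succeeds on a later try.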
Comment on attachment 491123 [details] [diff] [review]
Select password change code directly from master DB

This code looks fine in theory, though I question whether I'm the appropriate person to be doing personas reviews at this point.
Attachment #491123 - Flags: review?(telliott) → review+

Comment 4

8 years ago
This hasn't popped up in any of the community sites or the personas@ emails for a while, and I couldn't replicate it earlier today after a few tries.  I'd say leave it as is for now, since it doesn't seem to be broken anymore.
Last Resolved: 8 years ago
Resolution: --- → WONTFIX
Component: →
Product: Websites → Websites Graveyard