static URL is used for weave-password-reset



7 years ago
7 years ago


(Reporter: Andre.Weidemann, Assigned: rfkelly)


Firefox Tracking Flags

(Not tracked)



(1 attachment)



7 years ago
User Agent: Mozilla/5.0 (Windows NT 6.0; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Build ID: 20120215223356

Steps to reproduce:

I set up Firefox Sync on my server (cloned from hg a few days back). Since I only have one IP and one DNS entry for my machine, I set it up under https://<servername>/ff-sync/.
This is the Apache config:

  Alias /media /usr/local/share/weave-sever/deps/server-reg/syncreg/static
  WSGIProcessGroup sync
  WSGIDaemonProcess sync user=sync group=nogroup processes=2 threads=25
  WSGIPassAuthorization On
  WSGIScriptAlias /ff-sync /usr/local/share/weave-sever/sync.wsgi 

Actual results:

Syncing contacts and so on works fine, but resetting the password does not.
The URL to "weave-password-reset" is hard coded. Resetting the password fails, as soon as you do not run the sync-server on / .

Expected results:

The request URI should be read and should then be inserted correctly into the POST.
The URL should be appending weave-password-reset to the server URL.  Is that not what you're seeing?

Comment 2

7 years ago
The weave-password-reset URL is append right after the server name. I set up Firefox Sync under this URL on my server https://<servername>/ff-sync/. When accessing the URL to "weave-password-reset", "ff-sync/" is missing from the URL.
in about:config, what's the value of services.sync.serverURL ?

Comment 4

7 years ago
services.sync.serverURL is set to "https://*****"
Take a look here:

Comment 5

7 years ago
It looks like the path /weave-password-sync is hard-coded into various templates in the server, but it should be working correctly in the server itself.  Can you please try a couple of things?

1) Does accessing https://**** correctly produce the password reset form?

2) If you change the hard-coded paths in the following files to match your setup, does it all work correctly?

     * server-full/deps/server-reg/syncreg/templates/password_ask_reset_form.mako
     * server-full/deps/server-reg/syncreg/templates/password_reset_form.mako
     * server-full/deps/server-reg/syncreg/templates/password_reset_mail.mako

If that fixes the problem for you, I'll work on replacing the hard-coded paths with something determined dynamically from the request URL.

Comment 6

7 years ago
This patch uses the url-generation facilities of Routes to determine the password reset URL at runtime.  Hand-tested on a fresh build of server-full mounted at http://localhost:5000/test, the password reset works successfully after configuring smtp, reset codes etc.
Assignee: nobody → rfkelly
Attachment #626320 - Flags: review?(telliott)
Attachment #626320 - Flags: review?(telliott) → review+

Comment 7

7 years ago
Last Resolved: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.