64 views

Description

When requesting a password reset, a notification will be sent to the user containing a link to set up a new one.

The notification states the link is valid for 12 hours.

The password reset request itself though will be considered expired after 10 minutes (or whatever value set in the password_reset.request.expiry property).

Steps to Reproduce

1> In Password Reset Process, enable "Email Password Reset URL"

2> Reset Password for a user. Check the email sent from system, it will say the URL is valid for 12 hours.

However the user has to reset password within 10 minutes (or whatever value set in the password_reset.request.expiry property),

otherwise the reset request is expired.

Workaround

We have two properties: 
 
glide.pwd_reset.onetime.token.validity 
> this property is the time value sent in the reset Email 
> unit of this property is hour 
> default is 12 hours 
> this property controls the expiration of the URL Link 
 
password_reset.request.expiry 
> this property is for the expiry on the actual reset request. 
> unit of this property is minute 
> default is 10 minutes 
 
The issue is caused by the discrepancy between these two properties.
The issue is fixed in London release via PRB1259511.
User will receive meaningful email notification.
 
Workaround is to adjust the two properties to be same amount of time.

Related Problem: PRB1259511

Seen In

There is no data to report.

Fixed In

London

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-09-16 16:41:44
Published:2018-09-16