Problem/Motivation

We had a bug with shared storage so it was moved to private storage in this issue:
https://www.drupal.org/project/rest_password/issues/3181612

The problem with that is when you receive the link via a service. So its not the end user generating the password reset link. It's a system to create it (as part of user creation). This will make the End users private store not the same as the generation part's store. = no vaild key found.

Steps to reproduce

- Create link in Chrome browser.
- Try the link in Firefox. And it will not work.

Proposed resolution

In stead of using private store. Use shared store but suffix the reset_password key to the store with the users uid.

Remaining tasks

User interface changes

API changes

Data model changes

Comments

kristofferwiklund created an issue. See original summary.

kristofferwiklund’s picture

kristofferwiklund’s picture

Status: Active » Needs review
StatusFileSize
new1.99 KB

Here is a suggestion of patch that might be working. As the namespace was already suffixed with user id.

glynster’s picture

Hey @kristofferwiklund this is similar to the original patch supplied in this issue: https://www.drupal.org/files/issues/2020-11-14/3181612-6.patch We are still using this as it works as needed and I think it will solve your issue as well. The latest patch in that thread fails for us however the original patch still works wonders.

taggartj’s picture

Status: Needs review » Fixed

thanks guys really well done see release 8.1.8

taggartj’s picture

Status: Fixed » Closed (fixed)