search

ThinkUpLLC / ThinkUp

ThinkUp gives you insights into your social networking activity on Twitter, Facebook, Instagram, and beyond.
http://thinkup.com
GNU General Public License v3.0
3.3k stars 674 forks source link

Password Reset Broken for Self Hosted systems #2236

Closed sarcas closed 9 years ago

sarcas commented 9 years ago

Setup

You need a self hosted system running current master (SHA: 4f8ed6baaa8802b0f2c3e5ae2424ab8abe040cd1).

Reproduction:

  1. Go to the log in page of your hosted site
  2. Click 'Forgot your password?'
  3. You'll be directed to a new page. In the box, put an email address of a valid account that you know exists on the system
  4. Click Send

Expected: A forgotten password email will be sent to the email address (modulo sendmail being set up correctly)

Actual: No email is sent.

The problem is because of a mismatch between the value in a form hidden input field and the expected trigger value of that field in the controller