getgrav / grav

Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony
https://getgrav.org
MIT License

Resetting a user's password clears the user's site access #2528

Closed emielmolenaar closed 5 years ago

emielmolenaar commented 5 years ago

I am using Grav 1.6.9 and I have created a new user. The user has access to:

access:
  site:
    login: 'true'
  admin:
    super: 'true'
    login: 'true'

I can log in with that user. When I reset the password of the user via the password-reset form, the access configuration (as shown above) disappears from the user's YAML file, preventing the user from logging in.

I have been searching the internet for similar cases but I cannot find anything regarding this issue. Is this a bug or am I doing something wrong?

rhukster commented 5 years ago

Are you up to date on the login plugin? I remember we did have this issue but sorted it. Also you aren't using flex-users are you?

emielmolenaar commented 5 years ago

The login plugin is at v3.0.2. I have never heard of flex-users for Grav, and I have just read that this feature is disabled by default. How can I double-check this?

mjs commented 5 years ago

I am seeing the same problem.

Grav v1.6.10, Admin v1.9.6 and Login v3.0.2

rhukster commented 5 years ago

I can't replicate this. I am able to reset the password just fine. Not losing my access: section.

I guess I need more information. Do you have a custom password-reset form? I'm using the built-in one from the plugin. What is your login plugin configuration?

mjs commented 5 years ago

I'm just using the built-in password reset form. Login plugin configuration looks like:

enabled: true                               # Enable the plugin
built_in_css: true                          # Use built-in CSS
route:                                      # Specific route for Login page (default is '/login')
redirect_to_login: true                     # If you try to access a page you don't have access to, should you redirect to login route
redirect_after_login:                       # Path to redirect to after a successful login (eg '/user_profile')
redirect_after_logout: '/'                  # Path to redirect to after a successful logout (eg '/')
route_activate: '/activate_user'            # Route for the user activation process
route_forgot: '/forgot_password'            # Route for the forgot password process
route_reset: '/reset_password'              # Route for the reset password process
route_profile: '/user_profile'              # Route for the user profile page
route_register: '/user_register'            # Route for the user registration page
route_unauthorized: '/user_unauthorized'    # Route for a page to display if user is unauthorized

twofa_enabled: false                        # Two factor authentication enabled
dynamic_page_visibility: false              # Integrate access into page visibility so things can be shown or hidden in the menu
parent_acl: false                           # Look to parent `access` rules for access requirements
protect_protected_page_media: false         # Take `access` rules into account when directly accessing a page's media

rememberme:
  enabled: true                             # Enable 'remember me' functionality
  timeout: 604800                           # Timeout in seconds. Defaults to 1 week
  name: grav-rememberme                     # Name prefix of the session cookie

max_pw_resets_count: 2                      # Number of password resets in a specific time frame (0 = unlimited)
max_pw_resets_interval: 60                  # Time in minutes to track password resets
max_login_count: 99                         # Number of failed login attempts in a specific time frame (0 = unlimited)
max_login_interval: 10                      # Time in minutes to track login attempts
ipv6_subnet_size: 64                        # Size of IPv6 block to track login attempts

user_registration:
  enabled: false                            # Enable User Registration Process

  fields:                                   # List of fields to validate and store during user registration
    - 'username'                            # This should match up with your registration form definition
    - 'password'
    - 'email'
    - 'fullname'
    - 'title'
    - 'level'
    - 'twofa_enabled'

  default_values:                           # Any default values for fields you would like to set
    level: Newbie                           # Here the 'level' field will be pre-populated with 'Newbie' text

  access:                                   # Default access to set for users created during registration
    site:
      login: 'true'

  redirect_after_registration: ''           # Route to redirect to after registration

  options:
    validate_password1_and_password2: true  # Ensure that password1 and password2 match during registration (allows you to have just 1 pw field or 2)
    set_user_disabled: false                # Set this `true` if you want a user to activate their account via email
    login_after_registration: false         # Automatically login after registration
    send_activation_email: false            # Send an email that requires a special link to be clicked in order to activate the account
    manually_enable: false                  # When using activation email, don't enable until an admin does it manually
    send_notification_email: false          # Send an email to the site administrator to indicate a user has registered
    send_welcome_email: false               # Send a welcome email to the user (probably should not be used with `send_activation_email`

I'm happy to provide logs or try things out to get this resolved.

rhukster commented 5 years ago

Oh! Resetting the password in admin! I thought this was a user password reset. Yes, I can replicate that. Will investigate further.

emielmolenaar commented 5 years ago

Hmm, the issue occurs when the user resets his or her password. Haven't tried resetting it via the admin panel though. I am using https://github.com/david-szabo97/grav-plugin-admin-addon-user-manager to manage users but the issue also occurred before I installed admin-addon-user-manager. I will try to remove all other plugins on my local development environment and check whether the issue persists. Will report here if I find anything useful :)

mahagr commented 5 years ago

Fixed in admin plugin. If you are using other plugins, make sure they do not have a $user->filter() call in password reset.
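To make the maintainer's point concrete, here is an added PHP illustration (not code from Grav, the admin plugin, or any of the commenters) of how a whitelist-style filter step inside a password-reset handler silently drops the `access:` section of a user record, next to a reset that changes only the password hash. The sample record and the functions `filterToFormFields`, `resetPasswordBroken`, `resetPasswordSafe` and `accessPreserved` are all constructed for this example; the filter is a stand-in for the kind of `$user->filter()` call mentioned above, not its actual implementation.

```php
<?php
// Added illustration (not Grav or admin-plugin code): why a field-whitelisting
// "filter" step in a password-reset handler wipes the user's access section,
// and the safe alternative that only touches the credential.

declare(strict_types=1);

// Constructed sample user record, mirroring the shape of a Grav user account
// (the real file is YAML; a PHP array stands in for it here).
function sampleUser(): array
{
    return [
        'email'           => 'user@example.com',
        'fullname'        => 'Example User',
        'hashed_password' => '$2y$10$placeholderhash',
        'access'          => [
            'site'  => ['login' => 'true'],
            'admin' => ['super' => 'true', 'login' => 'true'],
        ],
    ];
}

// Hypothetical filter: rebuilds the record from a whitelist of form fields.
// Anything not in the list (here, the whole 'access' section) is dropped.
// This is a stand-in for the $user->filter() call the maintainer warns about,
// not its real behaviour.
function filterToFormFields(array $user, array $allowed): array
{
    return array_intersect_key($user, array_flip($allowed));
}

// Broken reset: stores the new hash, then runs the record through the filter.
// The reset form only carries credential fields, so authorization data is lost.
function resetPasswordBroken(array $user, string $newPassword): array
{
    $user['hashed_password'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return filterToFormFields($user, ['email', 'fullname', 'hashed_password']);
}

// Safe reset: a credential change must not touch authorization data.
// Only the password hash is replaced; every other key is carried over as-is.
function resetPasswordSafe(array $user, string $newPassword): array
{
    $user['hashed_password'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return $user;
}

// Post-condition a reset handler (or a regression test) can enforce:
// the access section must be identical before and after the reset.
function accessPreserved(array $before, array $after): bool
{
    return ($before['access'] ?? null) === ($after['access'] ?? null);
}

$before = sampleUser();

$broken = resetPasswordBroken($before, 'new-secret');
$safe   = resetPasswordSafe($before, 'new-secret');

printf("broken reset keeps access: %s\n", accessPreserved($before, $broken) ? 'yes' : 'no');
printf("safe reset keeps access:   %s\n", accessPreserved($before, $safe) ? 'yes' : 'no');
printf("safe reset verifies new password: %s\n",
    password_verify('new-secret', $safe['hashed_password']) ? 'yes' : 'no');
```

The `accessPreserved` check is the part worth keeping around: running it against the stored record before and after a reset (in a plugin's own tests or in a one-off script over the account files) catches exactly the symptom reported in this issue, whichever plugin introduced the filtering.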