search

gocodebox / lifterlms

LifterLMS, a WordPress LMS Solution: Easily create, sell, and protect engaging online courses.
https://lifterlms.com
GNU General Public License v3.0
183 stars 135 forks source link

Password reset - conflict between Woocommerce & Lifterlms #2776

Open saracomin96 opened 1 month ago

saracomin96 commented 1 month ago

Reproduction Steps

Use Woocommerce to reset user passwords

  1. Go to /my-account/lost-password and request a reset
  2. Click the link that arrives by email

Expected Behavior

The result when I land on the page should be the form that allows me to change the password

Actual Behavior

The form for requesting a password reset.

I noticed something when checking the code of both woocommerce and lifterlms

After clicking the link on the page, the added parameter, in url, is ?reset-pass=1 which seems to be generated by this function:

public function reset_password_link_redirect() {

        if ( is_llms_account_page() && isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {

            $user = get_user_by( 'login', wp_unslash( llms_filter_input_sanitize_string( INPUT_GET, 'login' ) ) );
            $uid = $user ? $user->ID : 0;
            $val = sprintf( '%1$d:%2$s', $uid, wp_unslash( llms_filter_input_sanitize_string( INPUT_GET, 'key' ) ) );

            ( new LLMS_Cache_Helper() )->maybe_no_cache();
            llms_set_password_reset_cookie( $val );
            llms_redirect_and_exit( add_query_arg( 'reset-pass', 1, wp_lostpassword_url() ) );
        }
    }

This parameter does not allow you to view the password reset form, but the reset request form is displayed again.

Indeed, Woocommerce checks that the URL contains the ?show-reset-form=true parameter to display the password reset form.

This issue has be recreated:

jurasjo commented 1 month ago

If I remember correctly, I had this problem. The solution was to unset Dashboard page from Settings/Accounts in LifterLMS. Then WC take care of proper password reset.

It might be connected to this issue #2741