hardillb / node-red-alexa-home-skill-web

Apache License 2.0

I can't reset password #74

Closed rapejim closed 5 years ago

rapejim commented 5 years ago

I try to reset my password, but the temporary link (sent to my email inbox) don't work.

hardillb commented 5 years ago

I need a little bit more than "don't work"

What's your username on the site and please explain the error you get.

Also please forward the reset email to ben [@] hardill.me.uk

hardillb commented 5 years ago

Also the password change links expire after 24 hours, so will not work if you leave it too long.

rapejim commented 5 years ago

I'm sorry for my poor description of the problem.

I didn't remember my password yesterday, so I clicked the link (here) from: "If you have misplaced your password click here" on the login screen.

I received the email a few seconds later with a link of the style: https://alexa-node-red.bm.hardill.me.uk/changePassword/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and just when I received it I clicked on the link (and even in another attempt I copied it and pasted it into the web browser bar) and here is when it did not work, it was like an attempt to load, but went directly back to the home page "https://alexa-node-red.bm.hardill.me.uk/" without giving me the ability to change the password.

And I tried it 3 or 4 times (2 or 3 in Chrome and another in Edge), all without success.

If you need my login data I'll pass them to the email you indicate, but basically my username is the same as here at GitHub.

NOTE: I finally got the password because I had it configured in Node-Red, but the "changePassword" function didn't let me change the password.

hardillb commented 5 years ago

The reset link will redirect to the homepage if it cannot find the token in the database. I should probably have this point to an error page explaining why it's not letting you in.

The database deletes the tokens automatically after 24hrs or when you follow the link.

Looking at the logs, it seems that Hotmail (BingPreview user agent) is following the link before you can click on it and hence deletes the token.

If you can turn off link previewing in Hotmail this might be a good idea, because having reset links destroy themselves after a single use is the right thing to do from a security point of view.
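
The failure described in this thread (a mail provider's preview fetch consuming a single-use reset token) can also be avoided server-side by letting the GET only validate the token and deleting it on the form's POST. The sketch below is an added example, not code from this project: the in-memory `Map`, the function names, the `setPassword` callback and the 410 status are assumptions for illustration.

```javascript
// Added example: in-memory stand-in for the token collection (the real site uses a database).
const crypto = require('crypto');

const TTL_MS = 24 * 60 * 60 * 1000; // links expire after 24 hours, as stated in the thread
const tokens = new Map();           // token -> { username, expires }

function issueToken(username, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  tokens.set(token, { username, expires: now + TTL_MS });
  return token;
}

// Look up a token without consuming it; an expired token is dropped.
function lookup(token, now) {
  const rec = tokens.get(token);
  if (!rec) return null;
  if (rec.expires <= now) { tokens.delete(token); return null; }
  return rec;
}

// GET /changePassword/:token -- safe for a link previewer to fetch:
// it only picks the page to render and never deletes the token.
function handleGet(token, now = Date.now()) {
  return lookup(token, now)
    ? { status: 200, page: 'change-password-form' }
    : { status: 410, page: 'link-expired-or-used' }; // explain, rather than redirect home
}

// POST /changePassword/:token -- the only request that burns the token.
// Map.delete() returns true for exactly one caller, so the link stays single-use.
function handlePost(token, newPassword, setPassword, now = Date.now()) {
  const rec = lookup(token, now);
  if (!rec || !tokens.delete(token)) return { status: 410, page: 'link-expired-or-used' };
  setPassword(rec.username, newPassword);
  return { status: 200, page: 'password-changed' };
}

// Constructed scenario: a preview crawler GETs the link first, then the user follows it.
function demo() {
  const changed = [];
  const record = (user) => changed.push(user);
  const t = issueToken('alice', 0);
  const preview = handleGet(t, 1000);                      // mail provider's link preview
  const userGet = handleGet(t, 2000);                      // user clicks the link
  const userPost = handlePost(t, 'n3w-pass', record, 3000);
  const replay = handlePost(t, 'again', record, 4000);     // second use is rejected
  return { preview, userGet, userPost, replay, changed };
}
```

With a real database the delete in `handlePost` would need to be a single atomic find-and-delete so that two concurrent POSTs cannot both succeed.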