2.1 Can't reset customer password

[sheldonli999]

Steps to reproduce

1. Install Magento 2.1
2. Choose a customer
3. edit the customer
4. click reset password

   Expected result

5. send out the password reset email
6. ...

   Actual result

7. See the error message: Something went wrong while resetting customer password.
8. [Screenshot, logs]
9. ...

The reason I have to reset the customer password is the customer can't request to reset password either. Second, when saving address via webapi (Magento\Customer\Api\CustomerRepositoryInterface save), if I dont send password, the password is rehashed, the customer can't login with the current password.

[spyrule]

@kcsf Is this new users or existing users ?

[eCommerceGorilla]

@kcsf After disabling all 3rd party extensions are you still encountering the same issue?

[dnadle]

Reopen this. It's been closed for 6 months and still happening.

[ooples]

I agree about reopening this. It happens to me with magento 2.1.7

On Jun 6, 2017 11:35 PM, "dnadle" notifications@github.com wrote:

Reopen this. It's been closed for 6 months and still happening.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/magento/magento2/issues/5260#issuecomment-306677077, or mute the thread https://github.com/notifications/unsubscribe-auth/AC7uZcdJigTnKH5EKDUQG2N_zMAsSW39ks5sBhqSgaJpZM4I-e3q .

[kcsf]

@spyrule - problem existed for both new & existing users. @eCommerceGorilla - yes, still existed after disabling all extensions.

In short; we solved it - after upgrading from 2.1.6 to 2.1.7 & making some changes to the database. We're going to push the changes live next Monday - and I will report back here with the solution when confirmed.

[LucScu]

@kcsf So you solved it?

[kcsf]

Yes, problem solved. It appears the root of the problem was two missing columns from the "customer_entity" table. I believe the columns "somehow" didn't get created during the migration from 1.9 to 2.1.

Don't quote me, but the sql to add the missing columns went something like this: ALTER TABLE customer_entity ADD failures_num SMALLINT( 6 ) NULL DEFAULT '0'; ALTER TABLE customer_entity ADD first_failure NULL DEFAULT '0'; If you want to be sure about it - cross-reference a the customer_entity table on a clean Mage 2.1.6 install. You should see whether or not you have what you need.

[dnadle]

@kcsf My customer_entity table already has those columns.

[gcampedelli]

I was receiving this same error everyone describes here. Then, I checked if I had postfix installed in my Ubuntu. I t was not. I then installed it in the system and configured it to site. After that error just disappeared. Hope this can help others. Best, Gabriela

[dnadle]

@gcampedelli Not having postfix installed would explain why your reset emails were not going out. The bug in question here occurs when either the admin resets a customer's password, or the customer requests a 2nd reset email before receiving or responding to the first reset email. When that happens the customer enters a state that prevents them from resetting the password. It's a bug, still present in 2.1.6, 7+ months after it was closed here.

[gcampedelli]

For me it is working either way after postfix install. I went to admin >store configuration> customer > Customer configuration > passwords and I've set Max Number of Password Reset Requests to 1000 and the error has gone away so far. So, those who are asking to reopen the topic can try this method I described. Check postfix and change configuration. Let me know if it fix the issue.

[galaxysteph]

Just encountered this on Magento 2.1.5.

[spyrule]

So for me it was a 3rd party extension that didn't contain all of the proper fields in its config or system.xml file (I cannot remember at this point). For me it was the well documented Solwin extension that had a bunch of missing information. I removed it, and suddenly all of my password reset functionality worked as expected. :man_shrugging:

[hemendraajmera]

I am still facing issue on magento 2.1.8 We're unable to send the password reset email.

[alpha-buerobedarf]

I was facing this issue in 2.2 as well, \Magento\Security\Model\SecurityChecker\Quantity and \Magento\Security\Model\SecurityChecker\Frequency are using a bad query ,

'SELECT * FROM password_reset_request_event AS main_table WHERE (request_type = '0')

AND ((ip = '127.0.0.1') OR (account_reference = 'mail@this-is.not-a-domain.com'))

ORDER BY created_at DESC

LIMIT 1'

If you are using Varnish and take a look in table password_reset_request_event, all customers get the same ipaddress. So if there is any active passwort reset request, all others will be blocked.

[yuvraj993]

I am still facing issue on magento 2.2 We're unable to send the password reset email from web and not working from REST API http://host/magento22/rest/V1/customers/password { "email": "xyz@mailinator.com", "template": "reset_password", "websiteId": 1 }

[BernardRobbins]

I've tracked down the "An unspecified error occurred. Please contact us for assistance." error message to LoginPost.php line 189 in Magento 2.1.9. It was being caused by a table from another module was missing. Adding $e->getMessage() to that message will output why the login is failing. I have MAGE_MODE set to developer and looked in all the logs and never seen this exception.

[100rabhMisra]

I have also faces this issue. I did it everything all suggestions but still faces same issue yet.. Anybody have another suggestion .. my issue is also - i have not resetting password from the admin side as well as frontend also.. Kindly give me suggestions what I do ?

[nawabamit]

set new password not working when customer want to reset in magento 2. its load the page after submit and nothing happen. note-Always show (Please enter a new password) i have change multiple time new passwords

[dirtbound]

I am also having this issue with Magento 2.2.2, I get transactional emails as expected. However, trying to reset the customer password both through the admin or front-end both results in no email being sent. I am not seeing any errors while checking the log or submitting the reset request.

[dkinseytmg]

I am also having this issue. It appears to be due to website URLs that are different then the default URL.

I'm using php7.0 and am on 2.1.11

Assuming my default URL is store.domain.com and I'm logged into the admin at store.domain.com/admin and I view all customers and select a customer who is associated with store2.domain.com. I click the Reset Password button and the transactional email goes out as expected. When viewing the email, the reset password link is store.domain.com/customer/account/createpassword/ whereas I would expect the link to be store1.domain.com/customer/acccount/createpassword/

This whole process seems a bit buggy. \Magento\Customer\Controller\Adminhtml\Index\ResetPassword::execute() loads the customer object using the customer ID passed in the request parameters and then passes the customer email to \Magento\Customer\Model\AccountManagement::initiatePasswordReset($email, $template, $websiteId) At this point AccountManagement::initiatePasswordRest attempts to reload the customer object using the email and website ID that were passed to the method. Then with that newly built customer object, \Magento\Customer\Model\EmailNotification::passwordReminder($customer) is called.
This is where I think it is broken... EmailNotification::passwordReminder then attempts to load the storeId from storeManager->getStore()->getId(). If $storeId is still empty at this point, it then gets the store ID from the customer object.

My questions are:

1. Why not just pass the customer object to AccountManagement::initiatePasswordReset from ResetPassword::execute instead of the customer email and website ID? This would prevent having to rebuild the customer object in AccountManagement::initiatePasswordReset.

2. Why is it even attempting to load the store ID from storeManager when the customer object is available as a function argument in EmailNotification::passwordReminder?

My solution: I overriden EmaliNotification::passwordReminder.

Original --

public function passwordReminder(CustomerInterface $customer)
{
    $storeId = $this->storeManager->getStore()->getId();
    if (!$storeId) {
        $storeId = $this->getWebsiteStoreId($customer);
    }

    $customerEmailData = $this->getFullCustomerObject($customer);

    $this->sendEmailTemplate(
        $customer,
        self::XML_PATH_REMIND_EMAIL_TEMPLATE,
        self::XML_PATH_FORGOT_EMAIL_IDENTITY,
        ['customer' => $customerEmailData, 'store' => $this->storeManager->getStore($storeId)],
        $storeId
    );
}

New --

public function passwordReminder(CustomerInterface $customer)
{
    $storeId = $this->getWebsiteStoreId($customer);

    $customerEmailData = $this->getFullCustomerObject($customer);

    $this->sendEmailTemplate(
        $customer,
        self::XML_PATH_REMIND_EMAIL_TEMPLATE,
        self::XML_PATH_FORGOT_EMAIL_IDENTITY,
        ['customer' => $customerEmailData, 'store' => $this->storeManager->getStore($storeId)],
        $storeId
    );
}

[msliman]

I have a different bug, which is customerId and token are always empty. I print them in public function execute() in file vendor/magento/module-customer/Controller/Account/CreatePassword.php. more details are here

https://magento.stackexchange.com/questions/212210/your-password-reset-link-has-expired-magento-2 https://magento.stackexchange.com/questions/212340/reset-password-problem-magento-2

Kindly advice.

[crantron]

@msliman you should open another if different.

[joshgrillo]

I had same error of too many password reset requests from backend on 2.2.3. It would allow me to do one, but then no more after that. This fix worked for me: https://magento.stackexchange.com/questions/199984/password-reset-throws-something-went-wrong-while-resetting-customer-password-e