Portal Password Recovery 403

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • yuri
    Member
    • Mar 2014
    • 8453

    #16
    When you open the page to set a new password, is the portal theme applied? Or check in the page source (click Ctrl+U), is there "require('app-portal'," ? If no, it means that the page is not run through the portal.

    This code should detect the portal: https://github.com/espocrm/espocrm/b...ls/Url.php#L50.

    As seems you know programming, I encourage to debug the problem.

    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment


    • yuri
      yuri commented
      Editing a comment
      The recovery must be initiated from the customer portal login page, not from the CRM login page. It's important.

      What URL do you receive in an email?
      Last edited by yuri; 12-14-2024, 04:42 PM.
  • Ednt
    Member
    • May 2022
    • 31

    #17
    The URL in the E-Mail is from the Portal.

    you can solve the bug if you change the code from:

    Code:
    private function isPortalLdapDisabled(): bool
    {
    return $this->applicationState->isPortal() &&
    $this->authenticationMethodProvider->get() === LdapLogin::NAME &&
    !$this->config->get('ldapPortalUserLdapAuth');
    }
    to

    Code:
    private function isPortalLdapDisabled(): bool
    {
    return $this->applicationState->isPortal()
    }

    do you can confirm the bug ?

    Comment

    • yuri
      Member
      • Mar 2014
      • 8453

      #18
      I do not confirm the bug. Your code suggestion cannot be applied as it's a hack that breaks the logic.

      What exactly gives false for you?


      Code:
      $this->authenticationMethodProvider->get() === LdapLogin::NAME
      or


      Code:
      !$this->config->get('ldapPortalUserLdapAuth');
      Both are supposed to be true for your case. If you set LDAP and not enabled portal users for LDAP. If otherwise, then it's an expected behavior. Portal users should not be able to restore passwords if they use LDAP.
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

      Comment

      Working...