Portal Password Recovery 403

Collapse
X
Collapse
 
  • Page of 2
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • Ednt
    Member
    • May 2022
    • 31
    #1

    Portal Password Recovery 403

    If a customer tries to reset the password in a portal, he gets the Error:

    403: URL does not match Site URL

    How can we resolve this issue?

    I checked and if i replace the Server name from the Portal with the server name from the main Installation I get 200 OK
    This i tried with a post Tool with the JSON payload.

    Last edited by Ednt; 11-20-2024, 11:31 AM.
    Tags: None
    • victor
      Active Community Member
      • Aug 2022
      • 727
      #2
      Clear the Your_portal_name > Portal > Genegal > Custom URL field and try again to reset the password like a Portal User.
      If it helps, the problem is in your server configuration: https://docs.espocrm.com/administrat...cess-to-portal.

        Comment

        • Ednt
          Member
          • May 2022
          • 31
          #3
          I cleared the fields, but the failure is the same.

          i use exactly this config:
          Configuring Portal in Nginx - EspoCRM Documentation
          https://docs.espocrm.com/administration/portal/nginx-configuration/


          And on the site https://docs.espocrm.com/administrat...cess-to-portal.​ is no information which help.

            Comment

            • victor
              Active Community Member
              • Aug 2022
              • 727
              #4
              Send nginx log + config code of your nginx.

                Comment

                • Ednt
                  Member
                  • May 2022
                  • 31
                  #5
                  Solved:

                  the Portal URL needs to contain the URL with leading protocol: "https://"
                  Last edited by Ednt; 11-29-2024, 03:55 PM.

                    Comment

                    • Ednt
                      Member
                      • May 2022
                      • 31
                      #6
                      But :

                      if the main ESPOCRM authentication is done by LDAP,
                      it is not possible that a Portal User with a 'manual' password gets an E-Mail for Password recovery.

                      Look at:

                      RecoveryService.php

                      Code:
                      if (
!$user->isAdmin() &&
$this->authenticationMethodProvider->get() !== EspoLogin::NAME
)
                      But the website tells us in green that the email was sent successfully.
                      Last edited by Ednt; 11-29-2024, 03:57 PM.

                        Comment

                        • Ednt
                          Member
                          • May 2022
                          • 31
                          #7
                          A quick hack:

                          Code:
                          if (
!$user->isAdmin() &&
$this->authenticationMethodProvider->get() !== EspoLogin::NAME &&
!$this->applicationState->isPortal
)​

                            Comment

                            • lazovic
                              #7.1
                              lazovic commented
                              11-30-2024, 09:35 AM
                              Editing a comment
                              It is not recommended to make changes of this nature to the EspoCRM files. At the very least, they are not an upgrade safe and will be erased after upgrading the instance version. Also, such changes may cause problems with other functionality.
                            • Ednt
                              Member
                              • May 2022
                              • 31
                              #8
                              And ...

                              now we get the link, but the Portal User can still not change the password -> same reason as above, the auth method is not ESPO

                              A correct message is shown.
                              But it should work. The Portal Users have no LDAP, they are using the passwords from inside ESPO. And this works for Portal login.
                              Only the normal access is using LDAP.
                              Last edited by Ednt; 11-29-2024, 03:58 PM.

                                Comment

                                • victor
                                  Active Community Member
                                  • Aug 2022
                                  • 727
                                  #9
                                  After several of your posts in a row, it's not entirely clear if the issue that created this thread has been resolved...
                                  You and Regular Users use LDAP, but Portal Users shouldn't use LDAP? And you don't have a checkmark in the Use LDAP Authentication for Portal Users field in Administration > Authentication > LDAP?

                                  Please elaborate, what is your current problem?​

                                    Comment

                                    • Ednt
                                      Member
                                      • May 2022
                                      • 31
                                      #10
                                      In the Portal Espocrm will Not send Email for Password Recovery if we use LDAP for Auth and there ist No Checkmark in Use LDAP Authentication for Portal Users field in Administration > Authentication > LDAP.

                                        Comment

                                        • Ednt
                                          Member
                                          • May 2022
                                          • 31
                                          #11
                                          To be clear:

                                          The problem is not solved: Portal password recovery is not possible in our case

                                          Our case: LDAP auth for main users, ESPO auth for portal users.
                                          Normal stuff works, both types of users can login.
                                          Main CRM via LDAP, portal users via given password in ESPO.

                                          The problem with password recovery in portal:

                                          Original problem (403 error) solved by typing a complete URL with correct protocol in the portal URL field.

                                          But then it is still not working:

                                          1. There was/is no error message after clicking on send rcovery e-mail, the e-mail was never send

                                          After searching in the source code we found that the recovery stops when auth method for the main CRM is not ESPO.
                                          Fixed by adding && condition.

                                          2. After this fix, the e-mail is send to the portal user, but when he is trying to change the password,
                                          the error 'auth method is not ESPO' is shown.

                                          As result, a portal user can still not recover his password.

                                          An other condition for portal users is needed (our opinion, but not looked in detail where to change this)

                                            Comment

                                            • cperdomo
                                              #11.1
                                              cperdomo commented
                                              12-13-2024, 02:12 PM
                                              Editing a comment
                                              Me pueden ayudar con servicios profesionales para configurar EspoCRM con LDAP?
                                            • victor
                                              Active Community Member
                                              • Aug 2022
                                              • 727
                                              #12
                                              Ednt,

                                              Starting with EspoCRM v9.0.

                                              For those who want to create LDAP authentication for Regular Users and Espo authentication for Portal Users (at the same time, so that Portal Users have the opportunity to recover passwords via email), you need to set the Custom URL field in the Portal record. For example, you can use your domain name portal.my-company.com to access the Portal.
                                              Last edited by yuri; 12-13-2024, 01:51 PM.

                                                Comment

                                                • Ednt
                                                  Member
                                                  • May 2022
                                                  • 31
                                                  #13
                                                  It fails, because of

                                                  Code:
                                                    private function isPortalLdapDisabled(): bool
    {
        return $this->applicationState->isPortal() &&
            $this->authenticationMethodProvider->get() === LdapLogin::NAME &&
            !$this->config->get('ldapPortalUserLdapAuth');
    }
                                                  returns still false

                                                  /UserSecurity/Password/Service.php

                                                    Comment

                                                    • yuri
                                                      Member
                                                      • Mar 2014
                                                      • 8440
                                                      #14
                                                      Have you configured the portal environment? There should be ESPO_PORTAL_ID environment variable set, then the client page will run as the portal.
                                                      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

                                                        Comment

                                                      • Ednt
                                                        Member
                                                        • May 2022
                                                        • 31
                                                        #15
                                                        of course

                                                        But if you have an installation with LDAP and the Portal is ESPO the Code in the Master will not work for Password Recovery.
                                                        Try to set a new Password!

                                                          Comment

                                                          Previous 1 2 template Next
                                                          Working...