Portal Password Recovery 403

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Ednt
    Member
    • May 2022
    • 31

    Portal Password Recovery 403

    If a customer tries to reset the password in a portal, he gets the Error:

    403: URL does not match Site URL

    How can we resolve this issue?

    I checked and if i replace the Server name from the Portal with the server name from the main Installation I get 200 OK
    This i tried with a post Tool with the JSON payload.

    Last edited by Ednt; 11-20-2024, 11:31 AM.
  • victor
    Active Community Member
    • Aug 2022
    • 729

    #2
    Clear the Your_portal_name > Portal > Genegal > Custom URL field and try again to reset the password like a Portal User.
    If it helps, the problem is in your server configuration: https://docs.espocrm.com/administrat...cess-to-portal.

    Comment

    • Ednt
      Member
      • May 2022
      • 31

      #3
      I cleared the fields, but the failure is the same.

      i use exactly this config:


      And on the site https://docs.espocrm.com/administrat...cess-to-portal.​ is no information which help.

      Comment

      • victor
        Active Community Member
        • Aug 2022
        • 729

        #4
        Send nginx log + config code of your nginx.

        Comment

        • Ednt
          Member
          • May 2022
          • 31

          #5
          Solved:

          the Portal URL needs to contain the URL with leading protocol: "https://"
          Last edited by Ednt; 11-29-2024, 03:55 PM.

          Comment

          • Ednt
            Member
            • May 2022
            • 31

            #6
            But :

            if the main ESPOCRM authentication is done by LDAP,
            it is not possible that a Portal User with a 'manual' password gets an E-Mail for Password recovery.

            Look at:

            RecoveryService.php

            Code:
            if (
            !$user->isAdmin() &&
            $this->authenticationMethodProvider->get() !== EspoLogin::NAME
            )
            But the website tells us in green that the email was sent successfully.
            Last edited by Ednt; 11-29-2024, 03:57 PM.

            Comment

            • Ednt
              Member
              • May 2022
              • 31

              #7
              A quick hack:

              Code:
              if (
              !$user->isAdmin() &&
              $this->authenticationMethodProvider->get() !== EspoLogin::NAME &&
              !$this->applicationState->isPortal
              )​

              Comment


              • lazovic
                lazovic commented
                Editing a comment
                It is not recommended to make changes of this nature to the EspoCRM files. At the very least, they are not an upgrade safe and will be erased after upgrading the instance version. Also, such changes may cause problems with other functionality.
            • Ednt
              Member
              • May 2022
              • 31

              #8
              And ...

              now we get the link, but the Portal User can still not change the password -> same reason as above, the auth method is not ESPO

              A correct message is shown.
              But it should work. The Portal Users have no LDAP, they are using the passwords from inside ESPO. And this works for Portal login.
              Only the normal access is using LDAP.
              Last edited by Ednt; 11-29-2024, 03:58 PM.

              Comment

              • victor
                Active Community Member
                • Aug 2022
                • 729

                #9
                After several of your posts in a row, it's not entirely clear if the issue that created this thread has been resolved...
                You and Regular Users use LDAP, but Portal Users shouldn't use LDAP? And you don't have a checkmark in the Use LDAP Authentication for Portal Users field in Administration > Authentication > LDAP?

                Please elaborate, what is your current problem?​

                Comment

                • Ednt
                  Member
                  • May 2022
                  • 31

                  #10
                  In the Portal Espocrm will Not send Email for Password Recovery if we use LDAP for Auth and there ist No Checkmark in Use LDAP Authentication for Portal Users field in Administration > Authentication > LDAP.

                  Comment

                  • Ednt
                    Member
                    • May 2022
                    • 31

                    #11
                    To be clear:

                    The problem is not solved: Portal password recovery is not possible in our case

                    Our case: LDAP auth for main users, ESPO auth for portal users.
                    Normal stuff works, both types of users can login.
                    Main CRM via LDAP, portal users via given password in ESPO.

                    The problem with password recovery in portal:

                    Original problem (403 error) solved by typing a complete URL with correct protocol in the portal URL field.

                    But then it is still not working:

                    1. There was/is no error message after clicking on send rcovery e-mail, the e-mail was never send

                    After searching in the source code we found that the recovery stops when auth method for the main CRM is not ESPO.
                    Fixed by adding && condition.

                    2. After this fix, the e-mail is send to the portal user, but when he is trying to change the password,
                    the error 'auth method is not ESPO' is shown.

                    As result, a portal user can still not recover his password.

                    An other condition for portal users is needed (our opinion, but not looked in detail where to change this)

                    Comment


                    • cperdomo
                      cperdomo commented
                      Editing a comment
                      Me pueden ayudar con servicios profesionales para configurar EspoCRM con LDAP?
                  • victor
                    Active Community Member
                    • Aug 2022
                    • 729

                    #12
                    Ednt,

                    Starting with EspoCRM v9.0.

                    For those who want to create LDAP authentication for Regular Users and Espo authentication for Portal Users (at the same time, so that Portal Users have the opportunity to recover passwords via email), you need to set the Custom URL field in the Portal record. For example, you can use your domain name portal.my-company.com to access the Portal.
                    Last edited by yuri; 12-13-2024, 01:51 PM.

                    Comment

                    • Ednt
                      Member
                      • May 2022
                      • 31

                      #13
                      It fails, because of

                      Code:
                        private function isPortalLdapDisabled(): bool
                          {
                              return $this->applicationState->isPortal() &&
                                  $this->authenticationMethodProvider->get() === LdapLogin::NAME &&
                                  !$this->config->get('ldapPortalUserLdapAuth');
                          }
                      returns still false

                      /UserSecurity/Password/Service.php

                      Comment

                      • yuri
                        Member
                        • Mar 2014
                        • 8453

                        #14
                        Have you configured the portal environment? There should be ESPO_PORTAL_ID environment variable set, then the client page will run as the portal.
                        If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

                        Comment

                      • Ednt
                        Member
                        • May 2022
                        • 31

                        #15
                        of course

                        But if you have an installation with LDAP and the Portal is ESPO the Code in the Master will not work for Password Recovery.
                        Try to set a new Password!

                        Comment

                        Working...