Portal Password Recovery 403

**yuri** · 12-14-2024, 04:24 PM

When you open the page to set a new password, is the portal theme applied? Or check in the page source (click Ctrl+U), is there "require('app-portal'," ? If no, it means that the page is not run through the portal.

This code should detect the portal: https://github.com/espocrm/espocrm/b...ls/Url.php#L50.

As seems you know programming, I encourage to debug the problem.

**Ednt** · 12-16-2024, 11:37 AM

The URL in the E-Mail is from the Portal.

you can solve the bug if you change the code from:

Code:

private function isPortalLdapDisabled(): bool
{
return $this->applicationState->isPortal() &&
$this->authenticationMethodProvider->get() === LdapLogin::NAME &&
!$this->config->get('ldapPortalUserLdapAuth');
}

to

Code:

private function isPortalLdapDisabled(): bool
{
return $this->applicationState->isPortal()
}

do you can confirm the bug ?

**yuri** · 12-16-2024, 11:47 AM

I do not confirm the bug. Your code suggestion cannot be applied as it's a hack that breaks the logic.

What exactly gives false for you?

Code:

$this->authenticationMethodProvider->get() === LdapLogin::NAME

or

Code:

!$this->config->get('ldapPortalUserLdapAuth');

Both are supposed to be true for your case. If you set LDAP and not enabled portal users for LDAP. If otherwise, then it's an expected behavior. Portal users should not be able to restore passwords if they use LDAP.

Portal Password Recovery 403

Comment

Comment

Comment