Nevermind, my fault. I had two users with the same e-mail address in the DB and it was the e-mail I tested password reset on. No wonder it didn't work. Got to recheck my validators.
On Saturday, July 27, 2013 1:39:28 PM UTC+2, Anthony wrote: > > Not sure. Can you reproduce the problem in a fresh app? > > On Saturday, July 27, 2013 6:27:51 AM UTC-4, lesssugar wrote: >> >> I was too quick with the "No action needed" marker. It apperars that the >> new password I create in reset_password is not saved in the DB. >> >> 1. I type new password 2 times in the form >> 2. I submit the form. "Password changed" flash appears and I get >> automatically logged in >> 3. After I log out and try to log in with the new password - "Invalid >> login" flash shows up >> >> Are there any known reasons for such behaviour? >> >> On Saturday, July 27, 2013 2:54:21 AM UTC+2, Anthony wrote: >>> >>> The request_reset_password form gets a custom formname, so it doesn't >>> conflict with other forms on the page. This is not the case for the >>> reset_password form, hence the problem. >>> >>> Anthony >>> >>> On Friday, July 26, 2013 7:09:02 PM UTC-4, lesssugar wrote: >>>> >>>> OK, I figured it out. I have a hidden feedback form on every page >>>> (generated with LOAD), which appears onclick. So basically when I go to >>>> default/user/reset_password I have two forms on one page. I followed >>>> instructions from the book and the problem is solved: >>>> http://web2py.com/books/default/chapter/29/07/forms-and-validators#Multiple-forms-per-page >>>> >>>> Still, I'm not sure why everything worked fine on the >>>> request_reset_password page. In this case there are also two forms per >>>> page, however, they never collided. >>>> >>>> Anyway, thanks, Anthony. >>>> >>>> On Friday, July 26, 2013 9:54:32 PM UTC+2, Anthony wrote: >>>>> >>>>> Hmm, hard to say what's going on then, especially given that you can't >>>>> replicate the problem in a fresh app. >>>>> >>>>> On Friday, July 26, 2013 11:23:01 AM UTC-4, lesssugar wrote: >>>>>> >>>>>> Checked it. >>>>>> >>>>>> After the form loads, session['_formkey[no_table/create]'] is the >>>>>> same as the _formkey value in the form. Guess this makes it rather more >>>>>> confusing. >>>>>> >>>>>> On Friday, July 26, 2013 5:07:26 PM UTC+2, Anthony wrote: >>>>>>> >>>>>>> After the page with the reset password form has been loaded, you can >>>>>>> see if there is a _formkey[no_table/create] key in the session and >>>>>>> confirm >>>>>>> the value stored there is the same as the value in the hidden _formkey >>>>>>> field in the form on the HTML page. >>>>>>> >>>>>>> Anthony >>>>>>> >>>>>>> On Friday, July 26, 2013 10:51:39 AM UTC-4, lesssugar wrote: >>>>>>>> >>>>>>>> It could be something with the session. As I wrote: the first form >>>>>>>> (request_reset_password) works fine - it validates, it sends email >>>>>>>> with >>>>>>>> reset link. But after the link is clicked and the reset_password form >>>>>>>> appears - the form is useless, new password can't be created. >>>>>>>> >>>>>>>> You wrote that it's possible that the _formkey check does not pass >>>>>>>> when submitting. Any ideas how to debug in such case? If it's not >>>>>>>> this, it >>>>>>>> could be everything. >>>>>>>> >>>>>>>> On Thursday, July 25, 2013 8:34:38 PM UTC+2, Anthony wrote: >>>>>>>>> >>>>>>>>> When the form doesn't validate but you get no error messages, it >>>>>>>>> often means the _formkey checked didn't pass (the _formkey is stored >>>>>>>>> in the >>>>>>>>> session, so often this is due to an issue with the session or >>>>>>>>> cookies). >>>>>>>>> >>>>>>>>> Anthony >>>>>>>>> >>>>>>>>> On Thursday, July 25, 2013 1:50:09 PM UTC-4, lesssugar wrote: >>>>>>>>>> >>>>>>>>>> No. Cookies are on. I'm not clearing the session explicitly >>>>>>>>>> anywhere in the code neither. Just created dummy app to test >>>>>>>>>> password reset >>>>>>>>>> - and validation works fine in both forms (requesting reset, >>>>>>>>>> creating new >>>>>>>>>> password). default/user function of the dummy application is >>>>>>>>>> standard and >>>>>>>>>> it looks just like mine. No idea what's going on, but it definitely >>>>>>>>>> must be >>>>>>>>>> my fault somehow. >>>>>>>>>> >>>>>>>>>> I'll keep digging. Let you know if I find the bug. >>>>>>>>>> >>>>>>>>>> On Thursday, July 25, 2013 6:08:38 PM UTC+2, Anthony wrote: >>>>>>>>>>> >>>>>>>>>>> Is it possible that cookies are disabled or that the session is >>>>>>>>>>> somehow getting cleared (e.g., session.forget() or session.clear())? >>>>>>>>>>> >>>>>>>>>>> On Thursday, July 25, 2013 11:49:54 AM UTC-4, lesssugar wrote: >>>>>>>>>>>> >>>>>>>>>>>> When submitting the form with different passwords - the page >>>>>>>>>>>> reloads and that's it. No validation, no error response.flash, >>>>>>>>>>>> nothig. The >>>>>>>>>>>> same issue occurs with the same passwords and with empty inputs. >>>>>>>>>>>> >>>>>>>>>>>> web2py version: 2.4.7-stable >>>>>>>>>>>> >>>>>>>>>>>> On Thursday, July 25, 2013 5:44:18 PM UTC+2, Anthony wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> What happens if the passwords are different? Which version of >>>>>>>>>>>>> web2py? >>>>>>>>>>>>> >>>>>>>>>>>>> On Thursday, July 25, 2013 11:14:21 AM UTC-4, lesssugar wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks, Anthony, I removed the if statement and it worked for >>>>>>>>>>>>>> request_reset_password. >>>>>>>>>>>>>> >>>>>>>>>>>>>> However, after I click the link sent to e-mail address, the >>>>>>>>>>>>>> reset_password form still doesn't process "New password" and >>>>>>>>>>>>>> "Verify >>>>>>>>>>>>>> password" fields. The inputs can be empty, the passwords can be >>>>>>>>>>>>>> different - >>>>>>>>>>>>>> no validation is performed. >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Thursday, July 25, 2013 4:51:46 PM UTC+2, Anthony wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> def user(): >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> auth.settings.formstyle = 'divs' >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> if request.args(0) == 'request_reset_password': >>>>>>>>>>>>>>>> auth.request_reset_password(next = URL('default', >>>>>>>>>>>>>>>> 'index')) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> return dict(form=auth()) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Your code is creating and processing the form twice. >>>>>>>>>>>>>>> auth.request_reset_password(...) creates and processes the >>>>>>>>>>>>>>> form (though you aren't storing that version in a variable and >>>>>>>>>>>>>>> passing it >>>>>>>>>>>>>>> to the view). Then, form=auth() once again calls >>>>>>>>>>>>>>> auth.request_reset_password(), which creates and processes >>>>>>>>>>>>>>> the form a second time. When the form is submitted, the first >>>>>>>>>>>>>>> call >>>>>>>>>>>>>>> processes the form and does the validation, but the second call >>>>>>>>>>>>>>> then >>>>>>>>>>>>>>> creates a new form. You can simply eliminate that whole "if" >>>>>>>>>>>>>>> segment from >>>>>>>>>>>>>>> your code -- form=auth() will take care of everything. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Anthony >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
