I installed Self Service module on UCS 4.3-3 and the password reset used to work fine.
After upgrade to UCS 4.4 the password reset procedure breaks. The E-Mail with containing the link with the token is sent (seemingly) correctly. Following the link the user is not able to set a new password, but gets on the page where he can insert his username and request a token again. The behavior is equal on both the link containing the token & username and for the blank link (https://f.q.dn/univention/self-service/#page=newpassword). I tested it with Firefox and Chrome.
The browser outputs the following error in console:
dojo.js.uncompressed.js:8581 TypeError: Cannot read property 'firstChild' of undefined
at Object.<anonymous> (main.js:108)
at dojo.js.uncompressed.js:2936
at Object.forEach (dojo.js.uncompressed.js:4232)
at Object._addSubPages (main.js:101)
at Object.start (main.js:71)
at Object.callback ((index):15)
at callback (config.js:149)
at ha (dojo.js.uncompressed.js:1164)
at dojo.js.uncompressed.js:1330
at ia (dojo.js.uncompressed.js:1307) "in domReady callback" "TypeError: Cannot read property 'firstChild' of undefined
at Object.<anonymous> (https://f.q.dn/univention/self-service/main.js:108:34)
at https://f.q.dn/univention/js/dojo/dojo.js:42:499
at Object.forEach (https://f.q.dn/univention/js/dojo/dojo.js:57:383)
at Object._addSubPages (https://f.q.dn/univention/self-service/main.js:101:10)
at Object.start (https://f.q.dn/univention/self-service/main.js:71:9)
at Object.callback (https://f.q.dn/univention/self-service/:15:18)
at callback (https://f.q.dn/univention/js/config.js:149:22)
at ha (https://f.q.dn/univention/js/dojo/dojo.js:20:170)
at https://f.q.dn/univention/js/dojo/dojo.js:20:425
at ia (https://f.q.dn/univention/js/dojo/dojo.js:20:292)"
Reinstallation of the Self Service module and reboot of the machine didn’t change the behavior.
I can reproduce this problem. The recovery mail sends two links, one that’s supposed to reset the password directly by including the token in the URL, and one that’s supposed to open the page where you can enter the user name, the token & the new password manually.
Unfortunately both links result in the start page where you can enter the user name & select the recovery method — and then another token is sent.
The whole process only works if you do the steps, do not close the browser window (as it’s showing the “enter user name, token & new password” page after sending the token), wait for the recovery token to arrive & to enter then.
You should probably open a bug over on the bug tracker. I’m a bit pressed for time; otherwise I’d do it myself.
I copy-pasted from two different email programs. I really don’t think they both would be able to get it wrong, especially as I use both all the time for copy-pasting URLs.
Just to be sure, here’s the raw email as downloaded via IMAP:
Return-Path: <noreply@master.mbu-test.intranet>
X-Original-To: m.bunkus@linet-services.de
Delivered-To: mbunkus@localhost
Received: from master.mbu-test.intranet (unknown [IPv6:2001:1640:141:e:1::6e])
by merrimack.linet-services.de (Postfix) with ESMTPS id D9BFEFC08B2
for <m.bunkus@linet-services.de>; Thu, 14 Mar 2019 17:23:18 +0100 (CET)
Received: from master.mbu-test.intranet (localhost [IPv6:::1])
by master.mbu-test.intranet (Postfix) with ESMTP id E427FABACBF
for <m.bunkus@linet-services.de>; Thu, 14 Mar 2019 17:23:17 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Subject: Password reset
Date: Thu, 14 Mar 2019 17:23:17 +0100
From: Password Reset Service <noreply@master.mbu-test.intranet>
To: m.bunkus@linet-services.de
Content-Transfer-Encoding: quoted-printable
X-TUID: aB14RcTbZSxd
Dear user mbunkus,
we have received a password reset request for your account. If you did not
wish to change your password, you can safely ignore this message.
To change your password please follow this link:
https://master.mbu-test.intranet/univention/self-service/#page=3Dnewpasswor=
d&token=3Dmffvd7CZCPxWQLvM4dYQbdXjvqhHSF5SXoVQUtHx6UqDPGtsFEVENjF6pPnM3RNF&=
username=3Dmbunkus
If the link does not work, you can go to
https://master.mbu-test.intranet/univention/self-service/#page=3Dnewpassword
and enter the following token manually:
mffvd7CZCPxWQLvM4dYQbdXjvqhHSF5SXoVQUtHx6UqDPGtsFEVENjF6pPnM3RNF
Greetings from your password self service system.
and visiting that URL shows the same issue. Even with cleared cache, in a privacy mode window etc. My browser’s JavaScript console shows the same “Cannot read property ‘firstChild’ of undefined” error the original poster mentioned.
Hello,
I’m having this problem to. I upgraded three Servers to UCS 4.4-0 errata-5. The only way to use the password reset page, is to stay on it and paste the token from the email in it. I rebooted all three servers and tried removing and installing the self-help-app. There is an old bug report from 2017. Would it be reasonable to open another one?
