
NC13b3 regression: Reset Password no longer works #7574

@nursoda


Steps to reproduce

  1. call login page, enter an existing user name but a wrong password
  2. click on "Forgot password?", receive mail, click on the reset link (https://seyfarth.de/cloud/index.php/lostpassword/set/TOKEN/USER)
  3. a window to enter a new password appears, enter a new password that satisfies the policy you set

Expected behaviour

The new password should be accepted and set, a confirmation should be displayed.

Actual behaviour

In Chrome, I get HTTP ERROR 405. In Firefox I get "Access denied CSRF check failed". Unsure whether the new password is set.

Server configuration

Operating system: Debian Stretch (up to date)
Web server: Apache 2.4.10
Database: MySQL 5.5.58
PHP version: 5.6.30

Nextcloud version: 13.0.0 Beta 3
Updated from an older Nextcloud/ownCloud or fresh install: Upgraded from 12.0.4
Where did you install Nextcloud from: admin page / installer
Signing status: no errors upon signing: http://example.com/index.php/settings/integrity/failed reports "No errors have been found." Warnings upon PGP 5.6 though. (BTW, what will happen to Debian users if the next Debian version isn't released before NC 14?)

List of activated apps:

Enabled:

  - activity: 2.6.1
  - admin_audit: 1.3.0
  - apporder: 0.4.1
  - bookmarks: 0.10.1
  - bruteforcesettings: 1.0.3
  - calendar: 1.5.7
  - cms_pico: 0.9.6
  - comments: 1.3.0
  - contacts: 2.0.1
  - dav: 1.4.5
  - external: 3.0.0
  - federatedfilesharing: 1.3.1
  - federation: 1.3.0
  - files: 1.8.0
  - files_markdown: 2.0.1
  - files_pdfviewer: 1.2.0
  - files_retention: 1.2.0
  - files_sharing: 1.5.0
  - files_texteditor: 2.5.1
  - files_trashbin: 1.3.0
  - files_versions: 1.6.0
  - files_videoplayer: 1.2.0
  - gallery: 18.0.0
  - groupfolders: 1.1.0
  - impersonate: 1.0.2
  - logreader: 2.0.0
  - lookup_server_connector: 1.1.0
  - mail: 0.7.6
  - nextcloud_announcements: 1.2.0
  - notifications: 2.1.2
  - oauth2: 1.1.0
  - ownbackup: 17.5.0
  - password_policy: 1.3.0
  - polls: 0.8.0
  - provisioning_api: 1.3.0
  - serverinfo: 1.3.0
  - sharebymail: 1.3.0
  - spreed: 2.9.0
  - systemtags: 1.3.0
  - theming: 1.4.1
  - twofactor_backupcodes: 1.2.3
  - twofactor_totp: 1.4.0
  - updatenotification: 1.3.0
  - workflowengine: 1.3.0

Disabled:

  - checksum
  - encryption
  - files_external
  - firstrunwizard
  - survey_client
  - tasks
  - user_external
  - user_ldap

Nextcloud configuration:

    {
        "system": {
            "instanceid": "***REMOVED SENSITIVE VALUE***",
            "passwordsalt": "***REMOVED SENSITIVE VALUE***",
            "secret": "***REMOVED SENSITIVE VALUE***",
            "trusted_domains": [
                "seyfarth.de"
            ],
            "datadirectory": "***REMOVED SENSITIVE VALUE***",
            "overwrite.cli.url": "https:\/\/seyfarth.de\/cloud",
            "dbtype": "mysql",
            "version": "13.0.0.8",
            "dbname": "***REMOVED SENSITIVE VALUE***",
            "dbhost": "***REMOVED SENSITIVE VALUE***",
            "dbport": "",
            "dbtableprefix": "oc_",
            "dbuser": "***REMOVED SENSITIVE VALUE***",
            "dbpassword": "***REMOVED SENSITIVE VALUE***",
            "logtimezone": "Europe\/Berlin",
            "installed": true,
            "trashbin_retention_obligation": "auto,90",
            "versions_retention_obligation": "90,auto",
            "memcache.local": "\\OC\\Memcache\\APCu",
            "memcache.locking": "\\OC\\Memcache\\Redis",
            "filelocking.enabled": "true",
            "redis": {
                "host": "***REMOVED SENSITIVE VALUE***",
                "port": 6379,
                "timeout": 0
            },
            "mail_from_address": "***REMOVED SENSITIVE VALUE***",
            "mail_smtpmode": "php",
            "mail_domain": "***REMOVED SENSITIVE VALUE***",
            "defaultapp": "calendar",
            "maintenance": false,
            "loglevel": 2,
            "theme": "",
            "appstore.experimental.enabled": true,
            "updater.release.channel": "beta",
            "mail_smtpauthtype": "PLAIN",
            "mail_smtpsecure": "tls",
            "mail_smtpauth": 1
        }
    }

Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Firefox 57 / Chrome 63
Operating system: W10

Logs

Web server error log: No entry while doing password reset.

But I see this:

    [ssl:error] AH02032: Hostname www.seyfarth.de provided via SNI and hostname seyfarth.de provided via HTTP are different

Yet, Let's Encrypt seems to be correct:

    Certificate Name: seyfarth.de
    Domains: www.seyfarth.de seyfarth.de
    Expiry Date: 2018-03-07 22:32:14+00:00 (VALID: 78 days)
    Paths: ...

Nextcloud log (data/nextcloud.log): No entry while doing password reset.

Browser log: seems not relevant, is it?
