Password reset link is invalid

Question

Password reset link is invalid

grandant opened this issue 25 days ago · comments

Peter Bozukov commented 25 days ago

Hi, thanks for the great work.

I am testing with:

WooCommerce 9.2.3
WooNuxt Settings 1.0.58
WPGraphQL WooCommerce (WooGraphQL) 0.21.0

Whenever I try to test the password reset functionality I get:

Password reset link is invalid.[Please request a new link](https://rondo-frontend-test.nuxt.dev/my-account?action=forgotPassword)

There aren't any errors in the dev console or anywhere else that I can see.

Alex Lykesas · Answer 1 · Tue Sep 10 2024 06:39:16 GMT+0800 (China Standard Time)

Interesting! @grandant

I did some work to make this work actually in woocommerce codebase (PR).

Today September 10 is the release of 9.3 which should contain my change. The change is that the reset link contains the username (called "login") which is required for the reset password to happen. Thats why you are getting this error!

Please try again with the 9.3 release of woocommerce once released and let me know if it worked!

Out of curiosity:

Did you get the Woocommerce Reset Email Email template?
How did you get the reset password link to headless woonuxt website? (did you use some plugin like: Simple Website Redirect or did you change the Site Address (URL) in wordpress Settings? By

Peter Bozukov · Answer 2 · Tue Sep 10 2024 14:15:12 GMT+0800 (China Standard Time)

Glad to hear that! I don't have any experience with WordPress but after a lot of trials I realized that the issue was exactly that. So I edited reset password template and I had to hard-code the production URL. So everything is working now. I realize this is less than ideal so I am looking forward to test your update.

Yes - I directly changed the template if that's your question
I hardcoded the Site Address into the template

I made some other changes as well to ensure that the WP Address and Site Address work separately.

There were several other issues as well. Maybe some of them are due to my very limited knowledge of WordPress configuration but if you are interested I can share my findings.

Alex Lykesas · Answer 3 · Tue Sep 10 2024 15:47:15 GMT+0800 (China Standard Time)

Well if you have edited the template then you might need to re-edit it and include the login parameter. Unless it gets overwritten once you update woocommerce to 9.3.
In my setup I found that using the plugin Simple Website Redirect worked fine. Simply all wordpress front-end urls are redirecting to the headless website. So no need to edit any template.

https://wordpress.org/plugins/simple-website-redirect/

Exclude Query Parameters: download_file,wc-api,graphql,wc-ajax
Exclude Paths: /graphql,/wp-json,/wc-auth

So if email link is:
https://shop.comewithreverse.com/my-account/lost-password/?key=asd21eadadsasdas&login=alexookah

after user trying to open the link he would go to
https://comewithreverse.com/my-account/lost-password?key=asd21eadadsasdas&login=alexookah

It's less hassle this way because you would need to edit also other Woocommerce emails like product links, order completed. e.t.c.

I also think this plugin should be recommended for Woonuxt from WoonuxtSettings plugin.
WDYT @scottyzen ?

Peter Bozukov · Answer 4 · Wed Sep 11 2024 12:34:42 GMT+0800 (China Standard Time)

Thanks, that works good. It's important to have the WordPress installed in the root directory to avoid additional configuration. I re-installed everything so it's a clean install now. Just waiting for the WooCommerce update to be released to see if the login credentials will be included in the password reset link.

Alex Lykesas · Answer 5 · Fri Sep 13 2024 06:50:31 GMT+0800 (China Standard Time)

Woocommerce 9.3.1 got released today and seems the username is provided in the reset link.
Check it out @grandant

Peter Bozukov · Answer 6 · Fri Sep 13 2024 12:29:03 GMT+0800 (China Standard Time)

Yep, the issue is resolved. Thanks for the help @alexookah