Can't reset password for just one user

(Dave Higgins) #1

A user is having problems logging in. When he attempts resets his password via “I forgot my password” he gets this when he clicks:

Notice: no “email sent” message appears!
Just the “no entry” icon (which for some reason isn’t captured by the GIF). And, indeed he is getting no email with a link to click.

I’ve tried too using his email address (copied and pasted from my Admin view of his user account!) and I see the same behaviour.

Furthermore, from the Data Explorer I see that the last email sent to this user was yesterday (when I sent him a re-activation email, which he acted upon and reactivated). So the email isn’t leaving the server at all. (This is also confirmed in my Sparkpost reports.)

When I test the same process with a different test-account, I get “email sent” and everything is working. I get the email.

Could anyone guide me as to what might be wrong with this user’s account?

This shouldn’t be relevant because the email isn’t sending as far as I can tell, but my score on mail-tester is a respectable 8.5/10.

(Jeff Atwood) #2

There is at least one other report of this on meta, but we can’t reproduce it.

Anything in /logs as an admin, or the F12 javascript console for that user’s browser?

(Dave Higgins) #3

I can repro the behaviour in my browser for his email address (after I log out first of course, then go through “I forgot my password” using his address, which I know is a valid activated user email address).

There’s nothing in /logs as Admin, after I repro the behaviour.

Using Firefox, in the Network JS I see the response from the server:

My Discourse instance genuinely cannot find this user by the forgot password method.

(Dave Higgins) #4

I just thought of something - this is one of the few users where I have changed ownership of all posts from one username/email to a new username (and new email address), using this:

That process seems to have been successful - the old-username posts are assigned to the new username.

Could this process have caused the issue?

[using v1.7.0.beta8 +133 now, ran the process above weeks ago though]

(Jeff Atwood) #5

Hmm odd any thoughts on this @sam?

(Dave Higgins) #6

Can I read the database to compare settings for a user which works and the one which has the issues? I am not finding this very easy using the Data Explorer plugin.
(In the old days of my previous forum sw (phpBB) I would have used phpMyAdmin.)

(SMHassanAlavi) #7

yes you can change it with database.
go to discourse folder and enter following codes:

rails db```
after doing this. you have entered the database environment. BE CAREFUL this is your complete site.
there is a table named: ```users ```
you can see the table structure by typing: ```\d users```
<img src="//" width="690" height="209">
you can see the hasehd password in database and change it for every user.
NOTE: this is hashed password not your own password

(Dave Higgins) #8

Thanks alot for the tip! I thought that it would be sufficient to generate the 256bit 6400-interation PBKDF2 hash which Discourse uses using a new password and some salt, and then enter the salt and password_hash into the users table, e.g.:

discourse=> UPDATE users SET salt='DBFBF675C43F8F1DF91F7071CEE0B543' WHERE email='';

and similarly for the newly generated password_hash.
I’ve confirmed the new entries are there via the Data Explorer plugin.

However I still can’t log in when posing as "" with the new password (“Incorrect username, email or password”).
Is there another step I need to perform / have I made a mistake here?

(Dave Higgins) #9

Does the absence of a password_hash or salt mean a user is “not found” by the login process?

And as a corollary: what could cause the absence of these entries in the database? Could the rake commands I performed from this howto do that?

(Andrew Waugh) #10

Any news on this?

I have a lot of users with multiple historical emails from our migration. I’d like to reunite the historical posts with the current active user, but not at the potential the cost of messing up the password reset function.

The issue isn’t just mere housekeeping - one thing that is happening on our forum is that people are finding historical posts from (currently) inactive accounts which seem to have the right name and sending PMs to that account.

(Dave Higgins) #11

No resolution on my Discourse instance. I am still stuck. The criteria used to determine a user is “not found” would be instructive. Then I could look at the database entries for the user who is not recognised.

(Sam Saffron) #12

This is the code that fires:


My guess… these accounts have “staged=true” set so for all effective purposes they do not exist.


./launcher enter app
% User.find_by(email: "some@email").update_columns(staged: false)

The admin user page has information about the “staged” status of a user.

(Dave Higgins) #14

Thanks for following up Sam.

I resolved it by asking the user to create another new account, and moving the ownership of the user’s messages again to that account.
Then I deleted the offending account, and got the user to recreate the original account again (so he can keep his original email address), and then I moved the message ownerships back.