Magento – Magento 2.2.6 Customer Password Reset

change-passworderrormagento2.2.6password-recoverytroubleshooting

I have a problem with customer password reset in Magento 2.2.6
After pressing forgot password it send me an email " Set a New Password link "

but when i am trying to set new password i got a message

Something went wrong while saving the new password.

Also i checked

var/logs

But i dont have any problem with this all kind of emails setting are correct..
Any suggest?

Best Answer

This is a bug in Magento 2.2.6 and Magento 2.2.7. Go to the file vendor/magento/module-customer/Model/AccountManagement.php and patch it like this:

       Fix M2.2.7 - MAGETWO-96079: Cannot update password using received link

diff --git a/Model/AccountManagement.php b/Model/AccountManagement.php
index 8f25651..b5b1905 100644
--- a/Model/AccountManagement.php
+++ b/Model/AccountManagement.php
@@ -670,8 +670,8 @@ class AccountManagement implements AccountManagementInterface
         $customerSecure->setRpTokenCreatedAt(null);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
         $this->getAuthentication()->unlock($customer->getId());
-        $this->sessionManager->destroy();
         $this->destroyCustomerSessions($customer->getId());
+        $this->sessionManager->destroy();
         $this->customerRepository->save($customer);

         return true;

More info:

https://github.com/magento/magento2/commit/7443dc3194040e9ce2f7baf902470deb975b97c6 https://github.com/magento/magento2/issues/18256

Related Solutions

Customer Password Recovery – Reset Issue in Magento CE 1.7.0.2

it happened again. I got the solution less than 1 hour after posting the question.
But before posting it I want to say that this looks like a Magento bug to me.
Customers should be able to change their password even if the customer settings have been changed.
The obvious thing to do is to remove the line (and other ones related to it)

$validationErrorMessages = $customer->validate();

from the Mage_Customer_AccountController::resetPasswordPostAction.
I don't think a full validation is required here since we are changing only the password.
All the other fields can be changed once the customer gets access to his account. (FOR WHICH HE NEEDS A PASSWORD)

But I didn't remove that, in case there is an other reason that I'm missing.
Here is what I did just for this particular case.

Since I only need to skip this validation on the recover password page, I observed the event controller_action_predispatch_customer_account_resetpasswordpost and just registered a value.

<events>
    <controller_action_predispatch_customer_account_resetpasswordpost>
        <observers>
            <[namespace]_[module]>
                <class>[namespace]_[module]/observer</class>
                <method>skipDobValidation</method>
            </[namespace]_[module]>
        </observers>
    </controller_action_predispatch_customer_account_resetpasswordpost>
</events>

and the observer method looks like this:

public function skipDobValidation($observer) {
    Mage::register('skip_dob_validation', true);
    return $this;
}

And I've overwritten the validate method in the customer model. I didn't find an event for it.

Basically it looks the same as in Mage_Customer_Model_Customer except for this part.

if ($attribute->getIsRequired() && '' == trim($this->getDob())) {
    $errors[] = Mage::helper('customer')->__('The Date of Birth is required.');
}

In my class it looks like this:

$skipDobValidation = Mage::registry('skip_dob_validation');
if (!$skipDobValidation) {
    if ($attribute->getIsRequired() && '' == trim($this->getDob())) {
        $errors[] = Mage::helper('customer')->__('The Date of Birth is required.');
    }
}

Customer Account – Customer Password Reset Unsuccessful

I found the solution on another question and noticed that customers were also not able to login without doing a password reset. So I did research and came across this post - Customer Login Doesn't Work in 1.9.

I added this line to the login.phtml file:

/app/design/frontend/default/template-name/template/persistent/customer/form/

and then pasted

<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />

after

<ul class="form-list">

Now Customers can login after being logged out and customers can also reset their password as well!

Best Answer

Related Solutions

Customer Password Recovery – Reset Issue in Magento CE 1.7.0.2

Customer Account – Customer Password Reset Unsuccessful

Related Topic