You are here: Foswiki>Tasks Web>Item15054 (07 Mar 2022, MichaelDaum)Edit Attach

Item15054: Unable to reset password using an outlook.com email account

pencil
Priority: Urgent
Current State: Confirmed
Released In: 2.2.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Reported By: MichaelDaum
Waiting For:
Last Change By: MichaelDaum
ResetPassword or UserRegistration sends a one-time access token to the user forcing them to change their password afterwards.

However when this is an email account hosted by outlook.com, those emails are preprocessed, i.e. all links are tested and rewritten to some https://..safelinks.protection.outlook.com?url=origurl. While doing so the one-time access token is invalidated so that the user cannot use it anymore to proceed on changing the password / confirming the account.

-- MichaelDaum - 23 Nov 2021

Any suggestion on how to address this? The obvious way is not to use Outlook. But that is not really a solution.

Do we need a different scheme?

Should we obfuscate the url?

-- BramVanOosterhout - 19 Dec 2021

I think that instead of using a one-time access token we need to come up with another approach here.

-- MichaelDaum - 19 Dec 2021
 

ItemTemplate edit

Summary Unable to reset password using an outlook.com email account
ReportedBy MichaelDaum
Codebase
SVN Range
AppliesTo Engine
Component
Priority Urgent
CurrentState Confirmed
WaitingFor
Checkins
TargetRelease minor
ReleasedIn 2.2.0
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release02x01Checkins
Release02x00Checkins
Release01x01Checkins
Topic revision: r4 - 07 Mar 2022, MichaelDaum
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy