reset Prestashop error the password change request expired. You should ask for a new one

Edge_jr · August 3, 2022

Hi,

I am getting errors when trying to reset the password. I change some changes as per suggestions in the ps_configuration table and others but had no success in solving the problem.

I found code in below file related to error message.

prestashop\controllers\front\PasswordController.php

I feel token from email and system do not match as per code condition. if($customer->getValidResetPasswordToken() !== $reset_token)

protected function changePassword()
{
$token = Tools::getValue('token');
$id_customer = (int) Tools::getValue('id_customer');
$reset_token = Tools::getValue('reset_token');
$email = Db::getInstance()->getValue(
'SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . $id_customer
);
if ($email) {
$customer = new Customer();
$customer->getByEmail($email);

if (!Validate::isLoadedObject($customer)) {
$this->errors[] = $this->trans('Customer account not found', [], 'Shop.Notifications.Error');
} elseif (!$customer->active) {
$this->errors[] = $this->trans('You cannot regenerate the password for this account.', [], 'Shop.Notifications.Error');
} elseif ($customer->getValidResetPasswordToken() !== $reset_token) {
$this->errors[] = $this->trans('The password change request expired. You should ask for a new one.', [], 'Shop.Notifications.Error');
}

if ($this->errors) {
return;
}

if ($isSubmit = Tools::isSubmit('passwd')) {
// If password is submitted validate pass and confirmation
if (!$passwd = Tools::getValue('passwd')) {
$this->errors[] = $this->trans('The password is missing: please enter your new password.', [], 'Shop.Notifications.Error');
}

if (!$confirmation = Tools::getValue('confirmation')) {
$this->errors[] = $this->trans('The confirmation is empty: please fill in the password confirmation as well', [], 'Shop.Notifications.Error');
}

if ($passwd && $confirmation) {
if ($passwd !== $confirmation) {
$this->errors[] = $this->trans('The password and its confirmation do not match.', [], 'Shop.Notifications.Error');
}

if (!Validate::isPasswd($passwd)) {
$this->errors[] = $this->trans('The password is not in a valid format.', [], 'Shop.Notifications.Error');
}
}
}

if (!$isSubmit || $this->errors) {
// If password is NOT submitted OR there are errors, shows the form (and errors)
$this->context->smarty->assign([
'customer_email' => $customer->email,
'customer_token' => $token,
'id_customer' => $id_customer,
'reset_token' => $reset_token,
]);

$this->setTemplate('customer/password-new');
} else {
// Both password fields posted. Check if all is right and store new password properly.
if (!$reset_token || (strtotime($customer->last_passwd_gen . '+' . (int) Configuration::get('PS_PASSWD_TIME_FRONT') . ' minutes') - time()) > 0) {
Tools::redirect('index.php?controller=authentication&error_regen_pwd');
} else {
$customer->passwd = $this->get('hashing')->hash($password = Tools::getValue('passwd'), _COOKIE_KEY_);
$customer->last_passwd_gen = date('Y-m-d H:i:s', time());

if ($customer->update()) {
Hook::exec('actionPasswordRenew', ['customer' => $customer, 'password' => $password]);
$customer->removeResetPasswordToken();
$customer->update();

$mail_params = [
'{email}' => $customer->email,
'{lastname}' => $customer->lastname,
'{firstname}' => $customer->firstname,
];

if (
Mail::Send(
$this->context->language->id,
'password',
$this->trans(
'Your new password',
[],
'Emails.Subject'
),
$mail_params,
$customer->email,
$customer->firstname . ' ' . $customer->lastname
)
) {
$this->context->smarty->assign([
'customer_email' => $customer->email,
]);
$this->success[] = $this->trans('Your password has been successfully reset and a confirmation has been sent to your email address: %s', [$customer->email], 'Shop.Notifications.Success');
$this->context->updateCustomer($customer);
$this->redirectWithNotifications('index.php?controller=my-account');
} else {
$this->errors[] = $this->trans('An error occurred while sending the email.', [], 'Shop.Notifications.Error');
}
} else {
$this->errors[] = $this->trans('An error occurred with your account, which prevents us from updating the new password. Please report this issue using the contact form.', [], 'Shop.Notifications.Error');
}
}
}
} else {
$this->errors[] = $this->trans('We cannot regenerate your password with the data you\'ve submitted', [], 'Shop.Notifications.Error');
}
}

Edited August 3, 2022 by edge82
post updated (see edit history)

Nickz · August 3, 2022

18 minutes ago, edge82 said:

I am getting errors when trying to reset the password.

What did you do? Is it a new install?

Edge_jr · August 3, 2022

Prestashop 1.7.7.3

davetech · August 3, 2022

I had this problem after a migration. I hadn't set the `password` field for the users that I migrated, and this prevented a password reset token from being set, or something. I dug into the code with xdebug and figured it out. Anyway, set a password value of 'invalid' on all users with a null password.

It stems from the user object model not being able to run the save function because the object does not validate correctly.

Edge_jr · August 4, 2022

I checked table ps_customer column related to password do not have any invalid or empty value. or null value.

Sign In

reset Prestashop error the password change request expired. You should ask for a new one

Recommended Posts

Edge_jr

Link to comment

Share on other sites

Nickz

Link to comment

Share on other sites

Edge_jr

Link to comment

Share on other sites

davetech

Link to comment

Share on other sites

Edge_jr

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity

Go back to prestashop.com