Reset password throws exception in my 3 test instances of Nextcloud 13

[colinosullivan]

for a user that does have en email it is throwing the following exception "Couldn't send reset email. Please make sure your username is correct". this happens even though an email is sent to me and I can reset my password as expected.

Screenshot:
https://help.nextcloud.com/uploads/default/original/2X/c/c82a67a0e3b84b9fc9b8f74626df88addb716495.png

Steps to reproduce

1. From login screen select 'Forgot password?'.
2. On the forgotten password screen in the field where it says 'enter username or email', enter email.
3. Press 'Reset password' button.

Expected behaviour

I would expect a successful message with instructional text to display as it did in NC12. I would expect the email to be sent to reset password without issue.

Actual behaviour

When I submitted the reset password on the server it displayed this exception instead of issuing a success message to the UI it instead throws the exception withe a status "error" exception "Couldn't send reset email. Please make sure your username is correct".

The nextcloud 13 server sends the reset password email as it should. I can complete the reset password no problem. So it is strange how the UI logic seems to have a big in it.

Server configuration

Operating system: Ubuntu 14.04 LTS

Web server: Apache/2.4.7 (Ubuntu)

Database: 5.5.58-MariaDB-1ubuntu0.14.04.1 (Ubuntu)

PHP version: PHP 7.0.27

Nextcloud version: 13.0.1

Updated from an older Nextcloud/ownCloud or fresh install:

Updated from Version 12 to 13 using the manual upgrade method shown here: https://docs.nextcloud.com/server/13/admin_manual/configuration_server/occ_command.html#command-line-upgrade-label

Where did you install Nextcloud from:

https://nextcloud.com/install/#

List of activated apps:

App list

Enabled:

• activity: 2.6.1
• admin_audit: 1.3.0
• bruteforcesettings: 1.0.3
• comments: 1.3.0
• dav: 1.4.6
• end_to_end_encryption: 1.0.5
• federatedfilesharing: 1.3.1
• federation: 1.3.0
• files: 1.8.0
• files_accesscontrol: 1.3.0
• files_pdfviewer: 1.2.1
• files_retention: 1.2.0
• files_sharing: 1.5.0
• files_texteditor: 2.5.1
• files_trashbin: 1.3.0
• files_versions: 1.6.0
• files_videoplayer: 1.2.0
• impersonate: 1.0.3
• logreader: 2.0.0
• lookup_server_connector: 1.1.0
• nextcloud_announcements: 1.2.0
• notifications: 2.1.2
• oauth2: 1.1.0
• ojsxc: 3.3.2
• password_policy: 1.3.0
• provisioning_api: 1.3.0
• richdocuments: 2.0.5
• serverinfo: 1.3.0
• sharebymail: 1.3.0
• spreed: 3.1.0
• survey_client: 1.1.0
• systemtags: 1.3.0
• tasks: 0.9.6
• twofactor_backupcodes: 1.2.3
• updatenotification: 1.3.0
• workflowengine: 1.3.0

Client configuration

Browser:
Chrome
Version 65.0.3325.181 (Official Build) (64-bit)

Operating system:
OSX Sierra

---

## Debugging efforts so far:

I have tracked the bug to the Lost Password Controller located at nextcloud13/core/Controller/LostController.php

In the following function it always throw the last exception which would suggest it is not returning the user object or the condition count($users) === 1 is not true. I would not want to modify core too much so hopefully a developer at nextcloud can take a look as it is happening for all of my test instances.

`/**
* @param string $input
* @return IUser
* @throws \InvalidArgumentException
*/
protected function findUserByIdOrMail($input) {
$user = $this->userManager->get($input);
if ($user instanceof IUser) {
if (!$user->isEnabled()) {
throw new \InvalidArgumentException($this->l10n->t('Couldn't send reset email. Please make sure your username is correct.'));
}

		return $user;
	}
	$users = $this->userManager->getByEmail($input);
	if (count($users) === 1) {
		$user = $users[0];
		if (!$user->isEnabled()) {
			throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
		}

		return $user;
	}

	throw new \InvalidArgumentException($this->l10n->t('Couldn\'t send reset email. Please make sure your username is correct.'));
}`

[Oclair]

Reset password throws exception

Confirmed, and it is not limited to NC13...

[Schmuuu]

Hi,

I can confirm this bug as well. Users receive this error message (exception) after hitting the "reset password" button when they are forwarded to:
https://nextcloud.domain.tld/lostpassword/email

This error message occurs in both cases, when I enter an email address (which is uniq on the server) and also when I enter the user name.
The email to that mail address is also sent in both cases however.

The nextcloud.log contains the following error message:

{"reqId":"UwKwADaaaaazHtwQ9W","level":3,"time":"2018-05-09T23:35:23+02:00","remoteAddr":"<IP-ADDRESS>","user":"--","app":"no app in context","method":"POST","url":"\/lostpassword\/email","message":"Exception: {\"Exception\":\"Exception\",\"Message\":\"key uid is expected to be set in $param\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/legacy\\\/hook.php(106): OC\\\\User\\\\Database::preLoginNameUsedAsUserName(Array)\\n#1 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/public\\\/Util.php(490): OC_Hook::emit('\\\\\\\\OCA\\\\\\\\Files_Shar...', 'preLoginNameUse...', Array)\\n#2 \\\/var\\\/www\\\/nextcloud\\\/core\\\/Controller\\\/LostController.php(230): OCP\\\\Util::emitHook('\\\\\\\\OCA\\\\\\\\Files_Shar...', 'preLoginNameUse...', Array)\\n#3 [internal function]: OC\\\\Core\\\\Controller\\\\LostController->email(NULL)\\n#4 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(161): call_user_func_array(Array, Array)\\n#5 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Http\\\/Dispatcher.php(91): OC\\\\AppFramework\\\\Http\\\\Dispatcher->executeController(Object(OC\\\\Core\\\\Controller\\\\LostController), 'email')\\n#6 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/App.php(115): OC\\\\AppFramework\\\\Http\\\\Dispatcher->dispatch(Object(OC\\\\Core\\\\Controller\\\\LostController), 'email')\\n#7 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/AppFramework\\\/Routing\\\/RouteActionHandler.php(47): OC\\\\AppFramework\\\\App::main('OC\\\\\\\\Core\\\\\\\\Control...', 'email', Object(OC\\\\AppFramework\\\\DependencyInjection\\\\DIContainer), Array)\\n#8 [internal function]: OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler->__invoke(Array)\\n#9 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Route\\\/Router.php(297): call_user_func(Object(OC\\\\AppFramework\\\\Routing\\\\RouteActionHandler), Array)\\n#10 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/base.php(999): OC\\\\Route\\\\Router->match('\\\/lostpassword\\\/e...')\\n#11 \\\/var\\\/www\\\/nextcloud\\\/index.php(37): OC::handleRequest()\\n#12 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/User\\\/Database.php\",\"Line\":375}","userAgent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/64.0.3282.140 Safari\/537.36 Edge\/17.17134","version":"13.0.2.1"}

[nextcloud-bot]

Hey, this issue has been closed because the label stale is set and there were no updates for 14 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

[tflidd]

Reported by different users and still an issue: https://help.nextcloud.com/t/reporting-bugs-pointless-after-reporting-they-get-stale-and-are-auto-closed/33695

@jospoortvliet can you find somebody to take a look at?

[andrimont]

Hello,
I have this bug exactly as reported by Col :
https://help.nextcloud.com/t/reset-password-not-working-properly-on-nc13/30492
` I get taken to the following UR and the following error is displayed:

https://nextcloud.example.com/index.php/lostpassword/email 1
Surprising the instance does actually sent the reset password link to the user without issue, the issue it is just the user interface logic seems to be incorrect as of course the email address does exist as it emails it fine.

Definitely seems like a bug I think as two fresh installs with the same issue.`

Why is this case is marked closed ?
Shall we be testing Nextcloud 14 ?

[jospoortvliet]

@andrimont if you see it is no longer present in 14, pls close this. If it is still there, let us know...

[simonbuehler]

have this in 14:

ypeError: Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given, called in /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/core/Controller/LostController.php on line 180

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/core/Controller/LostController.php - line 180:

    OC\Security\Crypto->decrypt("*** sensiti ... *")

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/core/Controller/LostController.php - line 146:

    OC\Core\Controller\LostController->checkPasswordResetToken("*** sensiti ... *")

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 166:

    OC\Core\Controller\LostController->resetform("*** sensiti ... *", "*** sensiti ... *")

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/lib/private/AppFramework/Http/Dispatcher.php - line 99:

    OC\AppFramework\Http\Dispatcher->executeController(OC\Core\Cont ... {}, "resetform")

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/lib/private/AppFramework/App.php - line 118:

    OC\AppFramework\Http\Dispatcher->dispatch(OC\Core\Cont ... {}, "resetform")

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47:

    OC\AppFramework\App::main("OC\\Core\\C ... r", "resetform", OC\AppFramew ... {}, { token: "** ... "})

    OC\AppFramework\Routing\RouteActionHandler->__invoke({ token: "** ... "})

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/lib/private/Route/Router.php - line 297:

    call_user_func(OC\AppFramew ... {}, { token: "** ... "})

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/lib/base.php - line 989:

    OC\Route\Router->match("/lostpasswo ... n")

    /var/www/cloud.aktionspotenzial.de/htdocs/nextcloud/index.php - line 42:

    OC::handleRequest()

[cClaude]

I have a very similar issue with Nextcloud 15.0.4

One user report to me that issue, I have create a test account where resetting password work fine, but I get an error with the user account (using username or email).

[no app in context] Error: Exception: key uid is expected to be set in $param at <<closure>>

 0. /var/www/nextcloud/lib/private/legacy/hook.php line 106
    preLoginNameUsedAsUserName({uid: null})
 1. /var/www/nextcloud/lib/public/Util.php line 341
    emit("\\OCA\\Files_Sh ... r", "preLoginNameUsedAsUserName", {uid: null})
 2. /var/www/nextcloud/core/Controller/LostController.php line 237
    emitHook("\\OCA\\Files_Sh ... r", "preLoginNameUsedAsUserName", {uid: null})
 3. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 166
    email(null)
 4. /var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php line 99
    executeController(OC\Core\Controller\LostController {}, "email")
 5. /var/www/nextcloud/lib/private/AppFramework/App.php line 118
    dispatch(OC\Core\Controller\LostController {}, "email")
 6. /var/www/nextcloud/lib/private/AppFramework/Routing/RouteActionHandler.php line 47
    main("OC\\Core\\Controller\\LostController", "email", OC\AppFramework\ ... {}, {_route: "core.lost.email"})
 7. <<closure>>
    __invoke({_route: "core.lost.email"})
 8. /var/www/nextcloud/lib/private/Route/Router.php line 297
    call_user_func(OC\AppFramework\ ... {}, {_route: "core.lost.email"})
 9. /var/www/nextcloud/lib/base.php line 987
    match("/lostpassword/email")
10. /var/www/nextcloud/index.php line 42
    handleRequest()

POST /index.php/lostpassword/email
from 192.168.1.42 at 2019-02-11T12:33:56+00:00

Is there any workaround ?

[onastvar]

I have same the same issue in Nextcloud v.15.0.5.3

[kesselb]

@cClaude @onastvar @simonbuehler please use https://github.com/nextcloud/server/issues/new?labels=bug%2C+0.+Needs+triage&template=Bug_report.md to report a new issue (and provide the requested information). You have different error messages then the initial issue.

[kesselb]

@colinosullivan do you still see this issue? Usually your are running into this case a) if the same email address is used by different users (in this case it's not clear which account you want to reset) b) the user is disabled.

[colinosullivan]

@kesselb I am still having this issue today on my instance.

The user is a new user with a new email never used on the instance. so I create the account. Sign in once. Then sign out the user, then I try to reset the forgotten password via their email address and I get.

{
"status": "error",
"msg": "Couldn't send reset email. Please make sure your username is correct."
}

I used the email address in this instance to reset the password. When I use the username as the forgotten password field same error as above.

@kesselb I could try upgrading to the very latest version of NC but tbh it seems like this bug or issue hasn't had any attention? Seems like a primary function so wondering am I the only person having this issue.

Thanks
Col

[kesselb]

If you are still running Nextcloud 13 you may update to 14 (or newer) because 13 is end of life.

Tested it with https://demo.nextcloud.com and reset works find for me (create demo instance, login as admin, set email for admin user, trigger password reset).

Seems like a primary function so wondering am I the only person having this issue.

Every setup is different. There is a chance that this error is caused by some edge cases. There is a good coverage of the code by automated tests (https://codecov.io/gh/nextcloud/server/src/master/core/Controller/LostController.php).

[colinosullivan]

Thanks @kesselb

I will upgrade no staging site now to the latest version and see if I've any issues at that stage.

I will post here what version I go to and the tests.

I have no doubt it is some edge case aright as the issues does not seem to be widespread.

Ok, upgrading now. I will post here shortly.

Col

[jospoortvliet]

@colinosullivan if you still see the issue, can you re-open the issue please?