2.1 Can't reset customer password

[sheldonli999]

Steps to reproduce

1. Install Magento 2.1
2. Choose a customer
3. edit the customer
4. click reset password

Expected result

1. send out the password reset email
2. ...

Actual result

1. See the error message: Something went wrong while resetting customer password.
2. [Screenshot, logs]
3. ...

The reason I have to reset the customer password is the customer can't request to reset password either.
Second, when saving address via webapi (Magento\Customer\Api\CustomerRepositoryInterface save), if I dont send password, the password is rehashed, the customer can't login with the current password.

[veloraven]

@sheldonli999 , thank you for report.

Unfortunately I was not able to reproduce the main issue you described.
Could you please provide us with more information? Like versions of PHP, MySQL and web server. Also it can be helpful if you describe settings of your Magento instance: was it fresh install or upgrade from previous version? Do you have many store views? Maybe some other settings.

Additionally, as I see you mentioned two other problems in this ticket:

• that customer was not able to reset his password;
• problem with webapi
  Could you please describe them as separate issues with detailed descriptions and steps? So that it will be easier to track each problem. Additionally I'm not sure what exact steps I should do to reproduce the last mentioned issue.

I was able to change customer's password in three ways:

1. From customer's dashboard
2. Via 'Forgot Your Password?' link
3. From admin area using 'Reset Password' button as described in steps
   So if you provide additional data I can continue investigation.

[dthampy]

@sheldonli999 , the only way I was able to reproduce the error was , when I didn't have a SMTP server installed.

[sheldonli999]

I am able to reproduce the bug easily. Select a customer and edit it (inside admin backend). Click the reset password link, and received an email. Click the link inside the email. Typed in the new password. The error is displayed. Please see the attached screenshot. I can't find any exceptions in the log.

[sheldonli999]

[sheldonli999]

Now click the forget password link on the frontend page (customer page), filled the email address. An error occurred. Please see the attached.

[veloraven]

@sheldonli999 , thank you for screenshots.
Unfortunately I still was not able to reproduce the issue.
Could you please answer my questions from a comment above? Probably you missed it, but your answers can help us in issue reproducing.

[andimov]

According to contributor guide, tickets without response for two weeks should be closed.

[crantron]

@andimov @veloraven : having this issue in 2.1 as well.

[crantron]

This happens if you reset the customer password more than once.

• goto customer
• click reset password
  • correct notification should appear
• click reset password again
  • error, "Something went wrong while resetting password."

[crantron]

this should be re-opened

[thanhv83]

I same error with old customer creat before update to magento 2.1

Customer can't login, massenger: An unspecified error occurred. Please contact us for assistance.
When customer reset password, messenger error: We're unable to send the password reset email.
When i reset password from admin, massenger error: Something went wrong while resetting customer password.
My server:
VPS1: Apache 2.4; php 7.0.10
VPS2: Mysql 5.6
How to fix?

[crantron]

The problem is that there is still an unanswered forgot email. In the database a rp_token gets generated for that client and as long as that exists then you will receive this error. This is NOT a bug. But the error handling should be more descriptive.

To solve go into the database where the users are. update rp_token to null and it will work, or give the system to update itself( like 20 min). I'm assuming when the cron does it's thing.

Cheers.

[thanhv83]

I was check again, some customer still not login.

[Omar-Oleh]

Hi. I have the same problem. When I have reseted password for one customer I can not reset password to another customer from my PC. Please see to class: app/code/Magento/Security/Model/SecurityChecker/Frequency.php, method loadLastRecordCreationTimestamp. This method return the last date when was reseted password(of any customers). I think that it`s wrong because this method must return the last date of any reset ONLY for this customer.

[crantron]

@veloraven : @Omar-Oleh Omar is right, I just checked. This needs to be labeled a bug.

[andimov]

@Omar-Oleh, @crantron
Please, provide steps to reproduce according to the Issue reporting guidelines.

[crantron]

• Create multiple stores
• create a customer for each store
• choose one of those customers to reset the password
  • do not fully reset the password.
  • make sure rp_token and rp_token_created_at != NULL
• now select another customer in a different store.
  • you wont be able to reset the password for ANY other customer while rp_token_created_at for the latter customer still exists.

Expected result
If a reset password token is set for one customer, it shouldn't effect other customers and them resetting their password.

[apurv-anand]

+1 I got the same issue. Will investigate to get you more details, but this issue is real. Please do not close it without diving deep and resolving.
M2.1.1

[crantron]

TO temporarily fix this issue, will have to run often, but run the mysql queries.

UPDATE customer_entity SET rp_token=NULL;
UPDATE customer_entity SET rp_token_created_at=NULL;

you'll then be able to send out notifications.
@apurv-anand

[eCommerceGorilla]

Actually, I have to retract my assertion of it not working. I have been trouble shooting this for a few hours and located the issue not in the core but MageMonkey for Magento 2. Clean install it is working without an issue.

If anyone else is running into this ensure that MageMonkey isn't the issue.

[spyrule]

@eCommerceGorilla Were you able to determine what was it in that extension that was causing this problem?

[eCommerceGorilla]

@spyrule No I actually didn't bother devoting any additional time to the 3rd party extension, it was faster for me to just inject MailChimp api v3 calls into the magento side of subscription events and create a controller to handle the MailChimp webhook for unsubscribes.

[spyrule]

@eCommerceGorilla Hmmm... source code? 😃

[kcsf]

INFURIATING this is. NO customers can login in anymore. They all get the same error:
"An unspecified error occurred. Please contact us for assistance."

And we can't find any error detail in any of the server logs - nor in js console. Which makes all of this ever more infuriating.

Not sure when it started, sometime after upgrading from 2.1.0 to 2.1.6.
We staged the site today and upgraded to 2.1.7 > NO JOY.

Meanwhile - the phone is ringing off the hook & we are loosing orders like crazy.

Please help

[spyrule]

@kcsf Is this new users or existing users ?

[eCommerceGorilla]

@kcsf After disabling all 3rd party extensions are you still encountering the same issue?

[dnadle]

Reopen this. It's been closed for 6 months and still happening.

[ooples]

I agree about reopening this. It happens to me with magento 2.1.7

…

On Jun 6, 2017 11:35 PM, "dnadle" ***@***.***> wrote: Reopen this. It's been closed for 6 months and still happening. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#5260 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AC7uZcdJigTnKH5EKDUQG2N_zMAsSW39ks5sBhqSgaJpZM4I-e3q> .

[kcsf]

@spyrule - problem existed for both new & existing users.
@eCommerceGorilla - yes, still existed after disabling all extensions.

In short; we solved it - after upgrading from 2.1.6 to 2.1.7 & making some changes to the database. We're going to push the changes live next Monday - and I will report back here with the solution when confirmed.

[LucScu]

@kcsf So you solved it?

[kcsf]

Yes, problem solved.
It appears the root of the problem was two missing columns from the "customer_entity" table. I believe the columns "somehow" didn't get created during the migration from 1.9 to 2.1.

Don't quote me, but the sql to add the missing columns went something like this:
ALTER TABLE customer_entity ADD failures_num SMALLINT( 6 ) NULL DEFAULT '0'; ALTER TABLE customer_entity ADD first_failure NULL DEFAULT '0';
If you want to be sure about it - cross-reference a the customer_entity table on a clean Mage 2.1.6 install. You should see whether or not you have what you need.

[dnadle]

@kcsf My customer_entity table already has those columns.

[gcampedelli]

I was receiving this same error everyone describes here. Then, I checked if I had postfix installed in my Ubuntu. I t was not. I then installed it in the system and configured it to site. After that error just disappeared.
Hope this can help others.
Best,
Gabriela

[dnadle]

@gcampedelli Not having postfix installed would explain why your reset emails were not going out. The bug in question here occurs when either the admin resets a customer's password, or the customer requests a 2nd reset email before receiving or responding to the first reset email. When that happens the customer enters a state that prevents them from resetting the password. It's a bug, still present in 2.1.6, 7+ months after it was closed here.

[gcampedelli]

For me it is working either way after postfix install. I went to admin >store configuration> customer > Customer configuration > passwords and I've set Max Number of Password Reset Requests to 1000 and the error has gone away so far. So, those who are asking to reopen the topic can try this method I described. Check postfix and change configuration. Let me know if it fix the issue.

[galaxysteph]

Just encountered this on Magento 2.1.5.

[spyrule]

So for me it was a 3rd party extension that didn't contain all of the proper fields in its config or system.xml file (I cannot remember at this point). For me it was the well documented Solwin extension that had a bunch of missing information. I removed it, and suddenly all of my password reset functionality worked as expected. 🤷‍♂️

[hemendraajmera]

I am still facing issue on magento 2.1.8 We're unable to send the password reset email.

[alpha-buerobedarf]

I was facing this issue in 2.2 as well, \Magento\Security\Model\SecurityChecker\Quantity and \Magento\Security\Model\SecurityChecker\Frequency are using a bad query ,

'SELECT * FROM password_reset_request_event AS main_table WHERE (request_type = '0')

AND ((ip = '127.0.0.1') OR (account_reference = 'mail@this-is.not-a-domain.com'))

ORDER BY created_at DESC

LIMIT 1'

If you are using Varnish and take a look in table password_reset_request_event, all customers get the same ipaddress. So if there is any active passwort reset request, all others will be blocked.

[yuvraj993]

I am still facing issue on magento 2.2 We're unable to send the password reset email from web and not working from REST API
http://host/magento22/rest/V1/customers/password
{
"email": "xyz@mailinator.com",
"template": "reset_password",
"websiteId": 1
}

[BernardRobbins]

I've tracked down the "An unspecified error occurred. Please contact us for assistance." error message to LoginPost.php line 189 in Magento 2.1.9. It was being caused by a table from another module was missing. Adding $e->getMessage() to that message will output why the login is failing. I have MAGE_MODE set to developer and looked in all the logs and never seen this exception.

[100rabhMisra]

I have also faces this issue. I did it everything all suggestions but still faces same issue yet.. Anybody have another suggestion .. my issue is also - i have not resetting password from the admin side as well as frontend also..
Kindly give me suggestions what I do ?

[nawabamit]

set new password not working when customer want to reset in magento 2. its load the page after submit and nothing happen.
note-Always show (Please enter a new password) i have change multiple time new passwords

[dirtbound]

I am also having this issue with Magento 2.2.2, I get transactional emails as expected. However, trying to reset the customer password both through the admin or front-end both results in no email being sent. I am not seeing any errors while checking the log or submitting the reset request.

[dkinseytmg]

I am also having this issue. It appears to be due to website URLs that are different then the default URL.

I'm using php7.0 and am on 2.1.11

Assuming my default URL is store.domain.com and I'm logged into the admin at store.domain.com/admin and I view all customers and select a customer who is associated with store2.domain.com. I click the Reset Password button and the transactional email goes out as expected. When viewing the email, the reset password link is store.domain.com/customer/account/createpassword/ whereas I would expect the link to be store1.domain.com/customer/acccount/createpassword/

This whole process seems a bit buggy.
\Magento\Customer\Controller\Adminhtml\Index\ResetPassword::execute() loads the customer object using the customer ID passed in the request parameters and then passes the customer email to \Magento\Customer\Model\AccountManagement::initiatePasswordReset($email, $template, $websiteId)
At this point AccountManagement::initiatePasswordRest attempts to reload the customer object using the email and website ID that were passed to the method. Then with that newly built customer object, \Magento\Customer\Model\EmailNotification::passwordReminder($customer) is called.
This is where I think it is broken... EmailNotification::passwordReminder then attempts to load the storeId from storeManager->getStore()->getId(). If $storeId is still empty at this point, it then gets the store ID from the customer object.

My questions are:

1. Why not just pass the customer object to AccountManagement::initiatePasswordReset from ResetPassword::execute instead of the customer email and website ID? This would prevent having to rebuild the customer object in AccountManagement::initiatePasswordReset.

2. Why is it even attempting to load the store ID from storeManager when the customer object is available as a function argument in EmailNotification::passwordReminder?

My solution:
I overriden EmaliNotification::passwordReminder.

Original --

public function passwordReminder(CustomerInterface $customer)
{
    $storeId = $this->storeManager->getStore()->getId();
    if (!$storeId) {
        $storeId = $this->getWebsiteStoreId($customer);
    }

    $customerEmailData = $this->getFullCustomerObject($customer);

    $this->sendEmailTemplate(
        $customer,
        self::XML_PATH_REMIND_EMAIL_TEMPLATE,
        self::XML_PATH_FORGOT_EMAIL_IDENTITY,
        ['customer' => $customerEmailData, 'store' => $this->storeManager->getStore($storeId)],
        $storeId
    );
}

New --

public function passwordReminder(CustomerInterface $customer)
{
    $storeId = $this->getWebsiteStoreId($customer);

    $customerEmailData = $this->getFullCustomerObject($customer);

    $this->sendEmailTemplate(
        $customer,
        self::XML_PATH_REMIND_EMAIL_TEMPLATE,
        self::XML_PATH_FORGOT_EMAIL_IDENTITY,
        ['customer' => $customerEmailData, 'store' => $this->storeManager->getStore($storeId)],
        $storeId
    );
}

[msliman]

I have a different bug, which is customerId and token are always empty. I print them in public function execute() in file vendor/magento/module-customer/Controller/Account/CreatePassword.php. more details are here

https://magento.stackexchange.com/questions/212210/your-password-reset-link-has-expired-magento-2
https://magento.stackexchange.com/questions/212340/reset-password-problem-magento-2

Kindly advice.

[crantron]

@msliman you should open another if different.

[joshgrillo]

I had same error of too many password reset requests from backend on 2.2.3. It would allow me to do one, but then no more after that. This fix worked for me: https://magento.stackexchange.com/questions/199984/password-reset-throws-something-went-wrong-while-resetting-customer-password-e