0
votes

I'm trying to make password recovery using FOSUser. Mostly everything works fine for me until the moment when I try to go to the reset password page.

I got a link like this in my email:

http://localhost/yaaholidays/web/app_dev.php/en/resetting/reset/RYPuGNDgSel85v1Kcj3lrIqPRhuYt5inh3VQAOlRPgk

but when I try to open it, FOS redirects me to

/resetting/request path

This is what I have in my log file:

[2017-02-21 13:22:18] request.INFO: Matched route "fos_user_resetting_reset". {"route":"fos_user_resetting_reset","route_parameters":{"_controller":"FOS\UserBundle\Controller\ResettingController::resetAction","_locale":"en","token":"RYPuGNDgSel85v1Kcj3lrIqPRhuYt5inh3VQAOlRPgk","_route":"fos_user_resetting_reset"},"request_uri":"http://localhost/yaaholidays/web/app_dev.php/en/resetting/reset/RYPuGNDgSel85v1Kcj3lrIqPRhuYt5inh3VQAOlRPgk","method":"GET"} []

[2017-02-21 13:22:18] security.INFO: Populated the TokenStorage with an anonymous Token. [] []

[2017-02-21 13:22:18] doctrine.DEBUG: SELECT t0.username AS username_1, t0.username_canonical AS username_canonical_2, t0.email AS email_3, t0.email_canonical AS email_canonical_4, t0.enabled AS enabled_5, t0.salt AS salt_6, t0.password AS password_7, t0.last_login AS last_login_8, t0.confirmation_token AS confirmation_token_9, t0.password_requested_at AS password_requested_at_10, t0.roles AS roles_11, t0.id AS id_12, t0.salutation AS salutation_13, t0.first_name AS first_name_14, t0.surname AS surname_15, t0.phone_number AS phone_number_16, t0.profile_picture AS profile_picture_17, t0.languages AS languages_18, t0.address AS address_19, t0.agency AS agency_20 FROM fos_user t0 WHERE t0.confirmation_token = ? LIMIT 1 ["RYPuGNDgSel85v1Kcj3lrIqPRh [...]"] []

[2017-02-21 13:22:18] request.INFO: Matched route "fos_user_resetting_request". {"route":"fos_user_resetting_request","route_parameters":{"_controller":"FOS\UserBundle\Controller\ResettingController::requestAction","_locale":"en","_route":"fos_user_resetting_request"},"request_uri":"http://localhost/yaaholidays/web/app_dev.php/en/resetting/request","method":"GET"} []

[2017-02-21 13:22:18] security.INFO: Populated the TokenStorage with an anonymous Token. [] []

[2017-02-21 13:22:18] translation.WARNING: Translation not found. {"id":"Telefon","domain":"messages","locale":"en"} []

[2017-02-21 13:22:19] request.INFO: Matched route "_wdt". {"route":"_wdt","route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"6f0aa9","_route":"_wdt","_locale":"en"},"request_uri":"http://localhost/yaaholidays/web/app_dev.php/_wdt/6f0aa9","method":"GET"} []

Does anybody know why FOS redirects me to the password recovery request page instead of the set new password page?


1 Answer

3
votes

By reading your logs, it seems that the password reset request has expired. Is your link expired?

In the controller FOS\UserBundle\Controller\ResettingController, the event RESETTING_RESET_INITIALIZE is added just after getting the user from the token, and then the listener ResettingListener is called. In this listener, the method onResettingResetInitialize (which manages the RESETTING_RESET_INITIALIZE event) checks if the password request is expired and redirects to the route fos_user_resetting_request if it is:

/**
 * @param GetResponseUserEvent $event
 */
public function onResettingResetInitialize(GetResponseUserEvent $event)
{
    if (!$event->getUser()->isPasswordRequestNonExpired($this->tokenTtl)) {
        $event->setResponse(new RedirectResponse($this->router->generate('fos_user_resetting_request')));
    }
}

If you have just received the email to reset your password and the link isn't already expired, check your fosuser configuration in config.xml.

If you have something like this:

fos_user:
  resetting:
    token_ttl: 0

Then your token ttl will never be valid. In this case, change token ttl to 86400 (1 day) for example.
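
The expiry check described in the answer above, as an added example (not part of the original answer and not FOSUserBundle's own code): a stand-alone PHP model showing why `token_ttl: 0` sends even a brand-new link back to the request form. The function names and sample timestamps are hypothetical, and the strict comparison is an assumption.

```php
<?php
declare(strict_types=1);

// Added illustration: a stand-alone model of the expiry check, not FOSUserBundle code.
// Assumption: a request is live only while requestedAt + ttl is strictly greater
// than the current time, and a missing timestamp counts as expired.
function isRequestNonExpired(?DateTimeImmutable $requestedAt, int $ttl, DateTimeImmutable $now): bool
{
    return $requestedAt !== null
        && $requestedAt->getTimestamp() + $ttl > $now->getTimestamp();
}

// Mirrors the listener's decision: an expired request goes back to the request form.
function routeForResetLink(?DateTimeImmutable $requestedAt, int $ttl, DateTimeImmutable $now): string
{
    return isRequestNonExpired($requestedAt, $ttl, $now)
        ? 'fos_user_resetting_reset'
        : 'fos_user_resetting_request';
}

// Constructed sample data: a fixed "now" and reset requests of different ages.
$now = new DateTimeImmutable('2017-02-21 13:22:18', new DateTimeZone('UTC'));
$cases = [
    'ttl 0, requested this second'    => [0,     $now],
    'ttl 0, requested 5 minutes ago'  => [0,     $now->modify('-5 minutes')],
    'ttl 86400, requested 5 min ago'  => [86400, $now->modify('-5 minutes')],
    'ttl 86400, requested 2 days ago' => [86400, $now->modify('-2 days')],
    'ttl 86400, no request recorded'  => [86400, null],
];

// Print which route each case ends up on.
foreach ($cases as $label => [$ttl, $requestedAt]) {
    printf("%-34s -> %s\n", $label, routeForResetLink($requestedAt, $ttl, $now));
}
```

The TTL is also the window in which a leaked or intercepted reset link stays usable, so pick the shortest value that still gives users time to act.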