I was too quick with the "No action needed" marker. It apperars that the new password I create in reset_password is not saved in the DB.
1. I type new password 2 times in the form 2. I submit the form. "Password changed" flash appears and I get automatically logged in 3. After I log out and try to log in with the new password - "Invalid login" flash shows up Are there any known reasons for such behaviour? On Saturday, July 27, 2013 2:54:21 AM UTC+2, Anthony wrote: > > The request_reset_password form gets a custom formname, so it doesn't > conflict with other forms on the page. This is not the case for the > reset_password form, hence the problem. > > Anthony > > On Friday, July 26, 2013 7:09:02 PM UTC-4, lesssugar wrote: >> >> OK, I figured it out. I have a hidden feedback form on every page >> (generated with LOAD), which appears onclick. So basically when I go to >> default/user/reset_password I have two forms on one page. I followed >> instructions from the book and the problem is solved: >> http://web2py.com/books/default/chapter/29/07/forms-and-validators#Multiple-forms-per-page >> >> Still, I'm not sure why everything worked fine on the >> request_reset_password page. In this case there are also two forms per >> page, however, they never collided. >> >> Anyway, thanks, Anthony. >> >> On Friday, July 26, 2013 9:54:32 PM UTC+2, Anthony wrote: >>> >>> Hmm, hard to say what's going on then, especially given that you can't >>> replicate the problem in a fresh app. >>> >>> On Friday, July 26, 2013 11:23:01 AM UTC-4, lesssugar wrote: >>>> >>>> Checked it. >>>> >>>> After the form loads, session['_formkey[no_table/create]'] is the same >>>> as the _formkey value in the form. Guess this makes it rather more >>>> confusing. >>>> >>>> On Friday, July 26, 2013 5:07:26 PM UTC+2, Anthony wrote: >>>>> >>>>> After the page with the reset password form has been loaded, you can >>>>> see if there is a _formkey[no_table/create] key in the session and >>>>> confirm >>>>> the value stored there is the same as the value in the hidden _formkey >>>>> field in the form on the HTML page. >>>>> >>>>> Anthony >>>>> >>>>> On Friday, July 26, 2013 10:51:39 AM UTC-4, lesssugar wrote: >>>>>> >>>>>> It could be something with the session. As I wrote: the first form >>>>>> (request_reset_password) works fine - it validates, it sends email with >>>>>> reset link. But after the link is clicked and the reset_password form >>>>>> appears - the form is useless, new password can't be created. >>>>>> >>>>>> You wrote that it's possible that the _formkey check does not pass >>>>>> when submitting. Any ideas how to debug in such case? If it's not this, >>>>>> it >>>>>> could be everything. >>>>>> >>>>>> On Thursday, July 25, 2013 8:34:38 PM UTC+2, Anthony wrote: >>>>>>> >>>>>>> When the form doesn't validate but you get no error messages, it >>>>>>> often means the _formkey checked didn't pass (the _formkey is stored in >>>>>>> the >>>>>>> session, so often this is due to an issue with the session or cookies). >>>>>>> >>>>>>> Anthony >>>>>>> >>>>>>> On Thursday, July 25, 2013 1:50:09 PM UTC-4, lesssugar wrote: >>>>>>>> >>>>>>>> No. Cookies are on. I'm not clearing the session explicitly >>>>>>>> anywhere in the code neither. Just created dummy app to test password >>>>>>>> reset >>>>>>>> - and validation works fine in both forms (requesting reset, creating >>>>>>>> new >>>>>>>> password). default/user function of the dummy application is standard >>>>>>>> and >>>>>>>> it looks just like mine. No idea what's going on, but it definitely >>>>>>>> must be >>>>>>>> my fault somehow. >>>>>>>> >>>>>>>> I'll keep digging. Let you know if I find the bug. >>>>>>>> >>>>>>>> On Thursday, July 25, 2013 6:08:38 PM UTC+2, Anthony wrote: >>>>>>>>> >>>>>>>>> Is it possible that cookies are disabled or that the session is >>>>>>>>> somehow getting cleared (e.g., session.forget() or session.clear())? >>>>>>>>> >>>>>>>>> On Thursday, July 25, 2013 11:49:54 AM UTC-4, lesssugar wrote: >>>>>>>>>> >>>>>>>>>> When submitting the form with different passwords - the page >>>>>>>>>> reloads and that's it. No validation, no error response.flash, >>>>>>>>>> nothig. The >>>>>>>>>> same issue occurs with the same passwords and with empty inputs. >>>>>>>>>> >>>>>>>>>> web2py version: 2.4.7-stable >>>>>>>>>> >>>>>>>>>> On Thursday, July 25, 2013 5:44:18 PM UTC+2, Anthony wrote: >>>>>>>>>>> >>>>>>>>>>> What happens if the passwords are different? Which version of >>>>>>>>>>> web2py? >>>>>>>>>>> >>>>>>>>>>> On Thursday, July 25, 2013 11:14:21 AM UTC-4, lesssugar wrote: >>>>>>>>>>>> >>>>>>>>>>>> Thanks, Anthony, I removed the if statement and it worked for >>>>>>>>>>>> request_reset_password. >>>>>>>>>>>> >>>>>>>>>>>> However, after I click the link sent to e-mail address, the >>>>>>>>>>>> reset_password form still doesn't process "New password" and >>>>>>>>>>>> "Verify >>>>>>>>>>>> password" fields. The inputs can be empty, the passwords can be >>>>>>>>>>>> different - >>>>>>>>>>>> no validation is performed. >>>>>>>>>>>> >>>>>>>>>>>> On Thursday, July 25, 2013 4:51:46 PM UTC+2, Anthony wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> def user(): >>>>>>>>>>>>>> >>>>>>>>>>>>>> auth.settings.formstyle = 'divs' >>>>>>>>>>>>>> >>>>>>>>>>>>>> if request.args(0) == 'request_reset_password': >>>>>>>>>>>>>> auth.request_reset_password(next = URL('default', >>>>>>>>>>>>>> 'index')) >>>>>>>>>>>>>> >>>>>>>>>>>>>> return dict(form=auth()) >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Your code is creating and processing the form twice. >>>>>>>>>>>>> auth.request_reset_password(...) creates and processes the >>>>>>>>>>>>> form (though you aren't storing that version in a variable and >>>>>>>>>>>>> passing it >>>>>>>>>>>>> to the view). Then, form=auth() once again calls >>>>>>>>>>>>> auth.request_reset_password(), which creates and processes >>>>>>>>>>>>> the form a second time. When the form is submitted, the first >>>>>>>>>>>>> call >>>>>>>>>>>>> processes the form and does the validation, but the second call >>>>>>>>>>>>> then >>>>>>>>>>>>> creates a new form. You can simply eliminate that whole "if" >>>>>>>>>>>>> segment from >>>>>>>>>>>>> your code -- form=auth() will take care of everything. >>>>>>>>>>>>> >>>>>>>>>>>>> Anthony >>>>>>>>>>>>> >>>>>>>>>>>>> -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.