Description:
If a user has an email with at least one upper case letter, he is unable to reset his password via the "Forgot your password" form.
Steps to reproduce:
1. Create a user, or change one of the user emails in the database, so that it has an upper case letter (Xxxx@yyy.zzz)
Via GUI:
2. Log out.
3. Try to reset password by "Forgot your password" form.
OR
Via CURL:
2. Make a curl request to ../api/v1/users.forgotPassword
for example: curl -H "Content-type:application/json" http://your.server/api/v1/users.forgotPassword -d '{ "email": "Xxxx@yyy.zzz" }'
- You will get an error:
{"success":false,"error":"User not found"}
Expected behavior:
Expected to receive an email with a reset password token,
and a success message via curl: {"success":true}
Actual behavior:
Server Setup Information:
- Version of Rocket.Chat Server: v3.8.0, v3.6.2, v3.3.3 (of Docker image rocketchat/rocket.chat)
- Operating System: host machine - centos7 , docker v 19.03.11
- Deployment Method: docker
- Number of Running Instances: 1
- DB Replicaset Oplog: Enabled
- NodeJS Version: v12.18.4 (for Rocket v3.8.0)
- MongoDB Version: 4.0.9
Client Setup Information
- Desktop App or Browser Version: Chrome 86.0.4240.111, FireFox 79.0
- Operating System: Windows10 1903 x64, Centos7 1908
Additional context
(RocketChat v3.8.0)
I see in /app/bundle/programs/server/packages/accounts-password.js, in Meteor.methods forgotPassword, line 708, the function Accounts.sendResetPasswordEmail(user._id, caseSensitiveEmail) - I think the parameter caseSensitiveEmail should do something exactly for this case... I hope this saves you time getting started.
Relevant logs:
Curl Request:
curl -k -H "Content-type:application/json" http://rocket-dev.local/api/v1/users.forgotPassword -d '{ "email": "My-user@my-server.com" }'
Response:
{"success":false,"error":"User not found"}
RocketCat Logs:
I20201119-15:51:50.627(0) server.js:204 API ➔ debug POST: /api/v1/users.forgotPassword
I20201119-15:51:50.628(0) sendForgotPasswordEmail { id: 'AtGhhzRFeeNMPf5Js', clientAddress: '172.18.0.1', httpHeaders: { host: 'rocket-dev.local', 'user-agent': 'curl/7.29.0', 'content-length': '33', accept: '*/*', 'content-type': 'application/json', 'x-forwarded-for': '172.18.0.1', 'x-forwarded-host': 'rocket-dev.local', 'x-forwarded-port': '80', 'x-forwarded-proto': 'http', 'x-forwarded-server': 'traefik', 'x-real-ip': '172.18.0.1', 'accept-encoding': 'gzip' }, userId: undefined }
I20201119-15:51:50.629(0) server.js:204 Meteor ➔ method sendForgotPasswordEmail -> userId: undefined, arguments: ["My-user@my-server.com"]
I20201119-15:51:50.632(0) server.js:204 API ➔ debug Failure { statusCode: 400, body: { success: false, error: 'User not found', stack: undefined } }
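An added example, not part of the original report and not Rocket.Chat's code: a small audit over user documents that lists the accounts the report describes as affected (stored address containing an upper case letter), plus a lookup that ignores case on both sides and refuses ambiguous matches so a reset token is never sent to the wrong account. The document shape (`emails: [{ address }]`), the function names and the sample users are assumptions constructed for illustration; the page does not identify the root cause.

```javascript
// Constructed sample documents; the emails: [{ address }] shape is an assumption.
const users = [
  { _id: 'u1', username: 'alice', emails: [{ address: 'Xxxx@yyy.zzz' }] },
  { _id: 'u2', username: 'bob', emails: [{ address: 'bob@yyy.zzz' }] },
  { _id: 'u3', username: 'carol', emails: [{ address: 'My-user@my-server.com' }] },
  { _id: 'u4', username: 'dave', emails: [{ address: 'my-user@my-server.com' }] },
];

// Normalize one address for comparison: trim and lower-case.
const norm = (address) => String(address).trim().toLowerCase();

// Accounts whose stored address contains an upper case letter, i.e. the
// ones the report says cannot use "Forgot your password".
function affectedAccounts(docs) {
  return docs.filter((u) =>
    (u.emails || []).some((e) => String(e.address) !== String(e.address).toLowerCase()));
}

// Hypothetical lookup: normalize BOTH the submitted and the stored address.
// Returns the user only when exactly one account matches; an ambiguous
// match returns null so no reset token goes to a guessed account.
function findForReset(docs, submitted) {
  const wanted = norm(submitted);
  const hits = docs.filter((u) =>
    (u.emails || []).some((e) => norm(e.address) === wanted));
  return hits.length === 1 ? hits[0] : null;
}

// Groups of distinct accounts that collapse to one address once case is
// ignored; these need manual cleanup before a case-insensitive lookup is safe.
function caseCollisions(docs) {
  const byAddress = new Map();
  for (const u of docs) {
    for (const e of u.emails || []) {
      const key = norm(e.address);
      byAddress.set(key, [...(byAddress.get(key) || []), u._id]);
    }
  }
  return [...byAddress].filter(([, ids]) => new Set(ids).size > 1);
}

console.log('affected:', affectedAccounts(users).map((u) => u._id));
console.log('lookup:', findForReset(users, 'xxxx@YYY.zzz'));
console.log('collisions:', caseCollisions(users));
```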