Password Reset e-mail not using mail settings

Support
1

There was a bug fix in 1.4.7, which seems to have found its way back in to the 1.5.4 code. When you confgure IP to use SMTP for e-mail, the “I forgot my password” link does not honour these settings. Instead, it defaults to using PHPmail. The result of this is an attempt to send an e-mail from “system@sitedomain.tld”, instead of the address configured in the SMTP settings.

The 1.4.7 bugfix was resolved in https://development.invoiceplane.com/browse/IP-401

Is there an easy workaround? I’ve had to add “system@sitedomain.tld” as a mail alias temporarily, however I would like to remove this as soon as practicable as “system@” tends to be a go-to alias for spammers :slight_smile:

2 Likes
2

I’ve created a “critical” bug ticket for this, as it wll prevent users in some environments from utilising the “lost password” functionality.

https://development.invoiceplane.com/browse/IP-596

3

I’m a bit lost because I’ve added some logs message and for me the password reset function goes to the if-loop :

if (mailer_configured()) { }

And when I display the

get_setting('email_send_method')

I have “smtp” in my log.

(I couldn’t finish the test as I got a smtp error which is also log … but I change it to PHPMail or SendMail I got the error you describe but not any SMTP errors as I could have when SMTP is setup in IP)

4

I have faced a problem today since i forget my password, i tried to use the forget password button, But received an error here: " An error occurred while trying to send your password reset email. Please review the application logs or contact the system administrator."

Since Im not sure whether i have configured SMTP settings. So thought it may be throwing an error because of SMTP not configured. I stuck here and thought of resetting pwd at DB level or configure manually at php config files for SMTP.

I got some luck, while searching solutions, i found a log file under location /var/www/invoiceplane/application/logs/ log-2019-12-03.php (this file located at invoiceplane docker image)
I found the entry for passwd reset link which its supposed to attach over email. :smile:
href=3D=22http://x.x.x.x:10080/index.php/sessions/passwordreset/c59072e1673a44feefrf32b97416ba34

i copied this link and pasted it over the browser. The miracle happened i got the link and i reset the password.

I’m happy and want to share if anyone encounters the same kind of issue.

Note : I’m not sure if this is a security hole, but it saves me. Great. Thanks