Description
When I have a user reset their password, I get this odd message in my logs. It doesn’t break anything and the user is able to reset their password, but the bright red error message bugs the hell out of me and makes the product look clunky.
This is the message I’m getting from my log on the problem.
I do not have any password policies in place. I have even tried enabling password policies to see if it would generate this ‘token’ but that didn’t work. I’m not sure what token it is referring to honestly and can’t seem to find any mention of it in the documentation.
Server Setup Information
Version of Rocket.Chat Server: 5.0.3
Operating System: Ubuntu 22.04
Deployment Method: DigitalOcean 1 click
Number of Running Instances: 1
NodeJS Version: 14.19.3
MongoDB Version: 5.0.6
Hi!
Maybe this is related to this issue?
opened 03:07PM - 28 Jun 21 UTC
### Description:
### Steps to reproduce:
1. Disable `Accounts_TwoFactorAuthentication_By_Email_Enabled`
2. Create user via API
3. First login using credentials
### Expected behavior:
Password policy should be shown
### Actual behavior:
An error `[undefined]` will be shown:
![image](https://user-images.githubusercontent.com/619048/123658097-b4029f80-d831-11eb-9b04-27552789cd1f.png)
Relevant Request:
```
{"message":"{\"msg\":\"method\",\"method\":\"getPasswordPolicy\",\"params\":[{}],\"id\":\"12\"}"}
```
Relevant Response:
```
{"message":"{\"msg\":\"result\",\"id\":\"12\",\"error\":{\"message\":\"Match error: Missing key 'token'\",\"path\":\"\",\"sanitizedError\":{\"isClientSafe\":true,\"error\":400,\"reason\":\"Match failed\",\"message\":\"Match failed [400]\",\"errorType\":\"Meteor.Error\"},\"errorType\":\"Match.Error\"}}","success":true}
```
### Server Setup Information:
- Version of Rocket.Chat Server: 3.15.1 (but 3.16.0 as well)
- Operating System: not relevant
- Deployment Method: docker
- Number of Running Instances: not relevant
- DB Replicaset Oplog: not relevant
- NodeJS Version: not relevant
- MongoDB Version: not relevant
### Client Setup Information
- Desktop App or Browser Version: not relevant
- Operating System: not relevant
### Additional context
Relevant code:
https://github.com/RocketChat/Rocket.Chat/blob/master/server/methods/getPasswordPolicy.js#L8-L17
As the user does not perform a regular password reset but logs in for the first time, a `token` is not provided, therefore an error is thrown. From my point of view checking the existence of a user (using a password reset token) is superfluous and could be completely removed (correct me if I'm wrong).
Also, I think a proper error message would be helpful as well.
### Relevant logs:
not relevant
The hard part here is to replicate the error, making it easy for the dev team to tackle it.
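For triaging the request/response pair quoted in the issue above, here is an added example (not part of the original posts and not Rocket.Chat code) that unwraps the doubly encoded DDP messages and reports which key the server's argument check rejected. The function names `unwrap` and `explainMatchFailure` are hypothetical; the two sample bodies are copied from the issue.

```javascript
// Bodies copied verbatim from the issue quoted above.
const REQUEST = String.raw`{"message":"{\"msg\":\"method\",\"method\":\"getPasswordPolicy\",\"params\":[{}],\"id\":\"12\"}"}`;
const RESPONSE = String.raw`{"message":"{\"msg\":\"result\",\"id\":\"12\",\"error\":{\"message\":\"Match error: Missing key 'token'\",\"path\":\"\",\"sanitizedError\":{\"isClientSafe\":true,\"error\":400,\"reason\":\"Match failed\",\"message\":\"Match failed [400]\",\"errorType\":\"Meteor.Error\"},\"errorType\":\"Match.Error\"}}","success":true}`;

// The outer JSON carries the DDP message as a string, so it must be parsed twice.
function unwrap(body) {
  const outer = JSON.parse(body);
  if (typeof outer.message !== 'string') {
    throw new TypeError('no embedded DDP message');
  }
  return { success: outer.success, ddp: JSON.parse(outer.message) };
}

// Hypothetical helper: pair a method call with its result and summarise the failure.
function explainMatchFailure(requestBody, responseBody) {
  const req = unwrap(requestBody).ddp;
  const res = unwrap(responseBody);
  if (req.id !== res.ddp.id) {
    throw new Error('request/response id mismatch');
  }
  const err = res.ddp.error;
  if (!err) return null; // method call succeeded

  const missing = /Missing key '([^']+)'/.exec(err.message || '');
  const first = Array.isArray(req.params) ? req.params[0] : undefined;
  return {
    method: req.method,
    errorType: err.errorType,
    missingKey: missing ? missing[1] : null,
    // Keys the client actually sent in the first parameter object.
    sentKeys: first && typeof first === 'object' ? Object.keys(first) : [],
    // What the client is shown, as opposed to the detailed server-side message.
    clientSees: err.sanitizedError ? err.sanitizedError.message : err.message,
    // Outer wrapper status; it can be true even when the method itself failed.
    transportSuccess: res.success === true,
  };
}

console.log(explainMatchFailure(REQUEST, RESPONSE));
```

In the sample the outer wrapper reports `"success":true` while the embedded result carries the error, so log filters keyed on the outer field alone will not surface this failure.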
That sounds fairly close to what I’m seeing. It happens anytime the user has to change their password. If I force a reset from the admin console, after they log in and reset their password that message appears.
Hi!
Just noticed a recent PR that was merged into develop that touches this part of the code base and can potentially fix this issue:
committed 03:10PM - 17 Aug 22 UTC
If you want to test it, you can spin up a docker instance, and change the image tag to develop, so you can get the latest image.
Also, consider joining our Beta Testers Channel and help us test new fixes and features.
Thanks!