2nd mail in the password reset flow not generated/sent

[PacifistCC]

I have a user which tries to use the forgotten password functionality. The user got imported from SMF 1.x to IPB 3.x and then to XenForo 1.0.2 and somehow the password didn't get converted correctly (not a big deal).

The first mail is generated and sent successfully. The user receives the mail and clicks on the link.
The request is handled by the web server with a status code of 200, but no mail with the new password is handed over from the default PHP mailer to the SMTP server (nothing in Postfix' log).

Further requests to the same link are handled by the server with a status code of 307 (redirects to start of forum).

Oddly enough the password forgotten flow works fully when I try it with one of my accounts.

I'd be thankful for any advice where to look further in order to narrow down the problem.

 

[Mike]

First, thanks for the technical details - they help. The mail logs are probably the best debugging tool.

However, I'm not really seeing how this could happen unfortunately. I suppose there is a case where they could get a "password not reset", but it's somewhat unlikely that they'd get 307s afterwards... unless they weren't logged in the first time, got an error, and somehow managed to get logged in before clicking the link again.

This is handled by library/XenForo/ControllerPublic/LostPassword.php (around line 100). The reset code is in library/XenForo/Model/UserConfirmation.php (around line 220).