Email Password Change via Webmail not working

Anyone else having problems with this? I’ve tried it in both Roundcube and Rainloop, and I get errors in both. Not very helpful errors. I’m on latest version 1.4.2

I remember experiencing this a couple of years ago and it was due to the roundcube config not being updated with the correct HESTIA port, where it had been changed from the default. Seems the correct port is set in rainloop plugin ini file and in roundcube plugins/password/config file

I’ve tried different passwords from simple to very complex, so that’s not it either.
Roundcube logfiles in /ver/log/nginx/domains/ don’t show anything, other than the password module is being accessed. No errors.

Rainloop log needs to be turned on, and is a bit more helpful: It looks like a 401 authorization error.

[07:20:02.480][ab9ded35] AJAX[NOTE]: Action: DoChangePassword
[07:20:02.480][ab9ded35] POST[DATA]: {“PrevPassword”:“*******”,“NewPassword”:“P",“Action”:“ChangePassword”,“XToken”:“606cc8737a52a95df43ebdb5b2d49e79”}
[07:20:02.484][ab9ded35] INFO[DATA]: Hestia: Try to change password for [email protected]
[07:20:02.484][ab9ded35] INFO[DATA]: Hestia[Api Request]:https://hestia.server.com:9090/reset/mail/
[07:20:02.484][ab9ded35] INFO[DATA]: cURL: Send post request: https://hestia.server.com:9090/reset/mail/
[07:20:02.503][ab9ded35] INFO[DATA]: cURL: Post request result: (Status: 401, ContentType: )
[07:20:02.503][ab9ded35] INFO[WARNING]: cURL: Error: The requested URL returned error: 401 Unauthorized
[07:20:02.503][ab9ded35] INFO[DATA]: Hestia[Error]: Empty Response: Code:401
[07:20:03.504][ab9ded35] INFO[NOTICE]: Error: Can’t change password for [email protected] account.
[07:20:03.504][ab9ded35] INFO[NOTICE]: RainLoop\Exceptions\ClientException: CouldNotSaveNewPassword[130] in /var/lib/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Providers/ChangePassword.php:79
Stack trace:
#0 /var/lib/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Actions.php(5144): RainLoop\Providers\ChangePassword->ChangePassword(Object(RainLoop\Model\Account), '
‘, ‘*******P’)
#1 /var/lib/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/ServiceActions.php(174): RainLoop\Actions->DoChangePassword()
#2 /var/lib/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Service.php(151): RainLoop\ServiceActions->ServiceAjax(’‘)
#3 /var/lib/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Service.php(62): RainLoop\Service->localHandle()
#4 /var/lib/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Service.php(85): RainLoop\Service->__construct()
#5 /var/lib/rainloop/rainloop/v/1.16.0/app/handle.php(94): RainLoop\Service::Handle()
#6 /var/lib/rainloop/rainloop/v/1.16.0/include.php(243): include(’/var/lib/rainlo…‘)
#7 /var/lib/rainloop/index.php(13): include(’/var/lib/rainlo…')
#8 {main}
[07:20:03.504][ab9ded35] AJAX[DATA]: {“Action”:“ChangePassword”,“Result”:false,“ErrorCode”:130,“ErrorMessage”:”“,“ErrorMessageAdditional”:”",“Time”:1054}
[07:20:03.510][ab9ded35] INFO[MEMORY]: Memory peak usage: 4MB
[07:20:03.510][ab9ded35] INFO[TIME]: Time delta: 1.0595219135284

1 Like

If you want please create an bug report at Github. I will look when I have time / the possibility

Before it is lost

1 Like

I can confirm on two Hestia Instances that rainloop is unable to update the password but roundcube is working just fine.

Thanks Eris. I was just heading out the door and didn’t have time to do that yesterday

Just checked an on RoundCube it works fine even with the 1.4.10 version via the migration script.

Check you check if
/etc/roundcube/plugins/password/config.inc.php

Has the correct values in it:

// Control Panel host
$rcmail_config['password_hestia_host'] = 'host.name.com';
$rcmail_config['password_hestia_port'] = '8083';

/etc/roundcube/plugins/password/config.inc.php does indeed have the correct values in it. I’ve also tried localhost and 127.0.0.1 for the host.

Side note: as its the updated version it uses $config instead of $rcmail_config at the front of all variables, but that’s consistent across the whole config, so not the cause of the problem. And I can see errors when I change the hostname to something else, so I know its picking up that config file.

Will have another look at this later. Been busy for the last week.

OK so I took another look, although I should have been doing work! I traced the cause (at least of the roundcube failure) back to the fact I have a stanza in /usr/local/hestia/nginx/conf/nginx.conf which implements auth_basic authorisation. If I remove that, then the password change works. If I replace it, it stops working again. So that’s the cause.

I realize that my warranty is at this point void. But I’m pretty sure roundcube password change was working OK before, and I’ve been doing this auth_basic Hestia Control Panel hack on a lot of servers over the years. So something changed recently which has incapacitated it, and I’d still like to be able to have password protection on myserver:8083 while being able to change passwords on the webmail.

I’ve looked at the new API settings, and have tried ALLOWing various IP addresses in there, server IP, remote IP, remove IPv6.
I’ve looked in /usr/local/hestia/web/mail/reset/index.php and disabled IP address checks but that doesn’t seem to help.
My understanding is that both the Hestia Web Interface and the Roundcube Password reset are accessing
https://hestia.domain.com:8083/reset/mail/index.php
In both cases I’m authenticated with the same auth_basic user/password. But it works in one case, but not in the other.
I’ve also tried making an exclusion for that URL in /usr/local//hestia/nginx/conf/nginx.conf (auth_basic = “off” ) but that didn’t work either.

I realise that you’re under no obligation to help me now that I’ve revealed that it was one of my own modifications that got me into this, but if you have any ideas where to look next, I’d appreciate it.

If I can’t figure it out, maybe I might suggest, as a future feature, the ability to put an additional nginx auth_basic password on Hestia CP login.

I have still seen a bug in rainloop where it doesn’t change the port number when you run v-change-sys-port

Changing email still works on the same way as VestaCP does and and it haven’t been changed…

OK, I think I have something here which seems to be working. Original stanza in nginx.conf was this

    location / {
        expires off;
        index index.php;
    }

My amended, previously working basic_auth config was this

    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/admin.passwd;
        expires off;
        index index.php;
    }

I now find I need to use the following, which will turn off basic auth to allow mail password reset

    location / {
            location /reset/mail/ {
                auth_basic "off";
            }
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/admin.passwd;
        expires off;
        index index.php;
    }

I tried a lot of different things, and it seems only by embedding the ‘location /reset/mail/’ stanza inside the ‘location /’ stanza, will it actually work. Maybe this will help someone in the future. I’ll leave everyone in peace now.

PS. This also fixed my Rainloop change password problem, although I think I fixed the port/host issue manually a few days ago while debugging. So case closed as far as I’m concerned.

Have fixed the issue locally will need to push a pull request later today

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.