Password reset email config

Hi OME team,

I successfully upgraded one of my servers to 5.6.1 (running on Ubuntu 16.04) but ran into one glitch:
the previously working OMERO.mail configuration doesn’t seem to work for password resets. When someone tries to request a password reset they get:
image

However, when I send an email from the Email Tab in the admin “console”, that works fine.

In Blitz.log I get messages such as these:

2020-03-30 15:53:37,267 INFO  [   o.c.a.ResetPasswordRequestI.@1a5f1dc4] (l.Server-5) Add callback: -U.V]}RaL*cR1\'tr\'K+e/1cce6c96-59b7-4dc6-a624-0c61677ab1e1
2020-03-30 15:53:37,268 INFO  [   o.c.a.ResetPasswordRequestI.@1a5f1dc4] (.Server-11) getResponse: null
2020-03-30 15:53:37,282 INFO  [         ome.security.basic.EventHandler] (1-thread-1)  Auth:    user=1,group=-1,event=41996726(User),sess=2d337278-23b2-44ca-9605-3c40c358a6d2
2020-03-30 15:53:37,294 INFO  [   o.c.a.ResetPasswordRequestI.@1a5f1dc4] (1-thread-1) Cancelled
2020-03-30 15:53:37,294 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1585608817283] time[11] tag[omero.request.step.0]
2020-03-30 15:53:37,294 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1585608817282] time[11] tag[omero.request]
2020-03-30 15:53:37,295 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1585608817266] time[28] tag[omero.call.exception]
2020-03-30 15:53:37,295 INFO  [        ome.services.util.ServiceHandler] (1-thread-1)  Excp:    omero.cmd.HandleI$Cancel: unknown-email
2020-03-30 15:53:37,295 INFO  [                 org.perf4j.TimingLogger] (1-thread-1) start[1585608817265] time[29] tag[omero.request.tx]
2020-03-30 15:53:37,295 INFO  [   o.c.a.ResetPasswordRequestI.@1a5f1dc4] (1-thread-1) notify cancelled: omero.cmd.ERR@1cf253ea/omero.cmd.Status@5f3eb5c9
2020-03-30 15:53:37,296 INFO  [                      omero.cmd.SessionI] (.Server-10) Unregistered servant:2d337278-23b2-44ca-9605-3c40c358a6d2/IHandlee5b8d0bb-8e73-471c-9f13-54f83b4fc008(omero.cmd._HandleTie@6887a1f)
2020-03-30 15:53:37,296 INFO  [   o.c.a.ResetPasswordRequestI.@1a5f1dc4] (.Server-10) Closing...
2020-03-30 15:53:37,296 INFO  [   o.c.a.ResetPasswordRequestI.@1a5f1dc4] (.Server-10) notify cancelled: omero.cmd.ERR@1cf253ea/omero.cmd.Status@5f3eb5c9

Needless to say that the user in question DOES have an email address configured in the user manager.

My omero config get is:

omero.data.dir=/data/OMERO
omero.db.name=omerodb
omero.db.pass=********
omero.db.poolsize=100
omero.db.user=omero_user
omero.jvmcfg.max_system_memory=96000
omero.jvmcfg.percent.blitz=50
omero.jvmcfg.percent.indexer=15
omero.jvmcfg.percent.pixeldata=30
omero.jvmcfg.percent.repository=15
omero.mail.config=true
omero.mail.from=sudard@ohsu.edu
omero.scripts.timeout=36000000
omero.threads.background_threads=20
omero.threads.max_threads=100
omero.web.application_server=wsgi-tcp
omero.web.apps=["omero_webtagging_autotag", "omero_webtagging_tagsearch", "omero_figure", "omero_iviewer", "omero_parade", "corsheaders"]
omero.web.cors_origin_allow_all=True
omero.web.login_logo=https://omero.ohsu.edu/MEPLINCS_logo.PNG
omero.web.middleware=[{"index": 1, "class": "django.middleware.common.BrokenLinkEmailsMiddleware"}, {"index": 2, "class": "django.middleware.common.CommonMiddleware"}, {"index": 3, "class": "django.contrib.sessions.middleware.SessionMiddleware"}, {"index": 4, "class": "django.middleware.csrf.CsrfViewMiddleware"}, {"index": 5, "class": "django.contrib.messages.middleware.MessageMiddleware"}, {"index": 0.5, "class": "corsheaders.middleware.CorsMiddleware"}, {"index": 10, "class": "corsheaders.middleware.CorsPostCsrfMiddleware"}]
omero.web.open_with=[["Image viewer", "webgateway", {"supported_objects": ["image"], "script_url": "webclient/javascript/ome.openwith_viewer.js"}], ["omero_figure", "new_figure", {"supported_objects": ["images"], "target": "_blank", "label": "OMERO.figure"}], ["omero_iviewer", "omero_iviewer_index", {"supported_objects": ["images", "dataset", "well"], "script_url": "omero_iviewer/openwith.js", "label": "OMERO.iviewer"}]]
omero.web.ui.center_plugins=[["Auto Tag", "omero_webtagging_autotag/auto_tag_init.js.html", "auto_tag_panel"], ["Parade", "omero_parade/init.js.html", "omero_parade"]]
omero.web.ui.top_links=[["Data", "webindex", {"title": "Browse Data via Projects, Tags etc"}], ["History", "history", {"title": "History"}], ["Help", "http://help.openmicroscopy.org/", {"target": "new", "title": "Open OMERO user guide in a new tab"}], ["Tag Search", "tagsearch"], ["Figure", "figure_index", {"target": "_blank", "title": "Open Figure in new tab"}]]
omero.web.wsgi_workers=17

And the password reset request worked fine when it was running 5.5.1.

Thanks,

  • Damir

Thank you for the great bug report. The password reset feature looks to be a gap in our test suite and seems to have fallen foul of the fix for 2019-SV3. I’ll look at fixing the bug and adding a regression test. I am afraid that I don’t expect a simple interim workaround but at least our release process is easier for non-secvuln builds!

Thanks @mtbc. I’ll just tell the users NOT to forget their passwords for a while :slight_smile:
Cheers,
Damir

:smiley: Of course, in the meantime administrators can reset users’ passwords for them.

Of course, just being facetious (and lazy) since I’m the administrator.

1 Like

Hi OME team,
Looks like this bug isn’t squashed yet in the 5.6.2 release. Is there a Issue# or PR# I can track to see when it will be fixed?
Thanks,
Damir

That fix did make it into the 5.6.2 release and the regression test is still passing. We are however seeing wider mail issues over recent weeks, I wonder if that could fit the symptom you’re seeing? Are you seeing the error reported in red in your original screenshot, for a user who does have an address, or something else? (Could be we should start a new item / split this one.) If the latter, could you give detail of your omero.mail.* configuration? Could anything else have changed on your system lately, e.g., some Java- or OpenSSL-related updates?

1 Like

Hi @mtbc I owe you an apology: it indeed works fine again in 5.6.2. I quickly tried to do a password reset using my own account and since that is an administrator account, that was refused with a helpful message why … which I didn’t read :grimacing: - sorry …
Cheers,
Damir

PS: Just FYI, this is on Ubuntu 18.04 (recently upgraded) with OpenSSL 1.1.111

Thanks for letting us know, @dsudar. It’d still be useful if you could give us insights into your mail config. e.g. is it an encrypted connection? (SSL or TLS?) ~Josh

Hi Josh,

On my servers I just have the simplest possible config:

omero.mail.config=true
omero.mail.from=sudard@ohsu.edu

and that works in our environment.

Cheers,
Damir

Thank you indeed, Damir, great to know that’s all working for you okay. :+1: