Cannot reset master password

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-09-24 13:48:53
Model: OC200  
Hardware Version: V1
Firmware Version: 1.7.0 Build 20200703 Rel.59609

It seems there is an error in the OC200 web server.

If you ask for a password reset, the email contains a wrong link (IP is 127.0.0.1 instead of 192....), and if you enter the new password and click "Save", this error is shown in the Chrome console:

 

Request URL: https://192.x.x.x/api/v2/resetPassword

Request Method: POST

Status Code: 500 Server Error

Remote Address: 192.x.x.x:443

 

 

HTTP ERROR 500

Problem accessing /api/v2/resetPassword. Reason:

    Server Error

 

Caused by:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1013)
	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
	at com.tplink.omada.web.filter.CacheControlFilter.doFilter(SourceFile:51)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)

 

Any idea?

#1
Re:Cannot reset master password
2020-09-27 08:06:51

@agm65 

 

Did you configure the mail server?

Send a test email to verify that the mail server is configured successfully, based on the FAQ below.

https://www.tp-link.com/en/support/faq/2919/

#2
Re:Cannot reset master password
2020-09-27 10:36:49 - last edited 2020-09-29 12:18:23

@agm65,

 

You are right, resetting the password on OC200 throws an error. If I manually correct the wrong IP 127.0.0.1 in the password change request URL, I get a 500 Server Error as well:

 

 

Of course, sending a test mail works, but the password change request URL is terribly wrong.

 

With Omada SW Controller resetting the password works (but still not the correct IP in the URL).

 

There are other bugs in the mail handling of Omada Controller:

 

  • Still wrong EHLO messages:
    • The SW controller seems to look up the DNS name of the server for use in EHLO. If you have DNS, but you're behind a NAT firewall, the local DNS name (e.g. host.mydomain.local) is used, but it's wrong. We should be able to set the domain name of the gateway which has its own public IP (e.g. host.provider.net).
    • The OC200 controller uses a pretty weird hostname for EHLO: in my case it's 50-56-26-206.static.cloud-ips.com. WTF?
       
  • Wrong IP in password change request URL:
    • OC200 inserts IP 127.0.0.1.
    • SW Controller selects the server's IP, but when the server is a multi-homed server (a server with two or more NICs and two or more IP addresses), the password change request randomly selects an IP. For example, all my servers (even Internet servers which are interconnected by a VPN) always have at least two IPs (for example, 192.168.1.100 and 10.10.10.100). If accessing the server from the 192.168.1.0 network, I receive an IP from the 10.0.0.0 network which won't work.

      In previous Omada Controller versions we could define the hostname of the server to be used in password change requests. So it resolves correctly if the link is followed. Using an IP address does not work correctly, especially not if it is localhost (127.0.0.1) as in the case of OC200.

       
  • When sending a test mail, it generates a Cc: to the login user for authentication if you use SMTP authentication. Pretty weird and even a security concern: it reveals the SMTP authentication username to the recipient of the mail.
     
  • When sending other mails and you have set a sender address like no-reply@domain.tld, it not only uses this no-reply address as the sender (FROM), but also generates a Cc: to no-reply. Now, if your mailer rulesets discard mails to no-reply (as is usual for such role accounts), the mail will be completely discarded. It does not arrive at the given To: address (e.g. user@domain.tld) either:

    Sep 27 11:43:22 mx01 sm-mta[16917]: 08R9hM81016917: from=<no-reply@mydomain.com>, size=642, class=0, nrcpts=2, msgid=<732962684.3.1601199799923.JavaMail.javamailuser@localhost>, proto=ESMTP, daemon=MTA-v4, relay=hsi-192-0-2-12.myprovider.net [192.0.2.12] (may be forged)
    Sep 27 11:43:22 mx01 sm-mta[16917]: 08R9hM81016917: discarded


    It was hard to find out why such mails do not arrive at all ...
     
  • The SMTP protocol is violated when OC200 delivers the mail to the MTA via the cloud:

    Sep 27 11:43:46 mx01 sm-mta[16430]: 08R9heKu016430: 50-56-26-206.static.cloud-ips.com [50.56.26.206] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4
     
  • What if you use the same mail address for different user names? There is a chance that you reset the password for the wrong account. The password reset form should query for the account name to send a password change request to the mail address associated with this particular account.
     
  • SMTP port configuration has been screwed up completely (see this thread).

 

 

#3
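
The reset-link host problem reported in the post above (127.0.0.1 on the OC200, an arbitrary NIC on a multi-homed server), worked through as an added example that is not part of the original post and is not TP-Link's code. It prefers an admin-configured hostname and otherwise picks the interface on the requester's subnet; the `configured_host` setting, the `/reset` path and the token are assumptions.

```python
import ipaddress
from urllib.parse import quote

def is_unusable_ip(host):
    """True if host is an IP literal that a mail recipient cannot reach."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name, not an IP literal
    return ip.is_loopback or ip.is_unspecified or ip.is_link_local

def pick_reset_host(configured_host, interfaces, client_ip):
    """Choose the host to embed in a password-reset link.

    configured_host: admin-set DNS name, or None (hypothetical setting)
    interfaces: the controller's addresses in CIDR form
    client_ip: address the reset request arrived from
    """
    if configured_host:
        host = configured_host.strip().rstrip(".").lower()
        if host == "localhost" or is_unusable_ip(host):
            raise ValueError(f"{host!r} is not reachable by the mail recipient")
        return host
    client = ipaddress.ip_address(client_ip)
    for cidr in interfaces:
        iface = ipaddress.ip_interface(cidr)
        if is_unusable_ip(str(iface.ip)):
            continue  # never advertise 127.0.0.1 or similar addresses
        if client in iface.network:  # same subnet as the requester
            return str(iface.ip)
    # Fail loudly instead of mailing a link nobody can follow.
    raise LookupError(f"no interface shares a subnet with {client_ip}")

def build_reset_url(host, token, path="/reset"):
    """path and token format are placeholders, not the controller's real ones."""
    try:
        if ipaddress.ip_address(host).version == 6:
            host = f"[{host}]"  # IPv6 literals need brackets in a URL
    except ValueError:
        pass  # DNS name, use as is
    return f"https://{host}{path}?token={quote(token, safe='')}"

# Constructed sample: the multi-homed server from the post, plus loopback.
INTERFACES = ["127.0.0.1/8", "10.10.10.100/24", "192.168.1.100/24"]

if __name__ == "__main__":
    host = pick_reset_host(None, INTERFACES, "192.168.1.50")
    print(build_reset_url(host, "constructed-token"))
```

A requester outside every local subnet (for example one arriving through NAT) raises `LookupError`, which is the case a configured hostname is meant to cover.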
Re:Cannot reset master password
2020-09-28 08:39:27

@Yannie Yes, SMTP server is ok and test email received

#4
Re:Cannot reset master password
2020-10-09 01:09:51

Dear @R1D2 @agm65,

 

Thank you for posting the problem on the TP-Link Community!

 

resetting the password on OC200 throws an error. If I manually correct the wrong IP 127.0.0.1 in the password change request URL, I get a 500 Server Error as well:

 

This issue has been forwarded to the R&D who will fix it in the next version. Thank you for your patience and support here.

 

 
#5