Bug: After Reseting Password (Invalid mail or password)

Question

question

gamerishere asked Apr 30, '18

Bug: After Reseting Password (Invalid mail or password)

Hello,

I submitted the question to support email but as you instructed, here's the info:

I've published my game and it's available for audience to download. When I released the game, the "reset password" was working properly. But just today, one of our users complained that after resetting password, it says "invalid mail or password" when he tries to login with his new password.

I digged into the issue, and tried to reproduce it successfully. When I used the password which I just reset, I got "invalid mail or password". After brendan's reply, I checked the issue again and it is still not working.

Please be informed that my game's title name is not "My Game". It starts with "S" and ends at ")", I am not feeling comfortable to share my title ID here. But as you can see in the screenshot, the mail says "Reset your 'My Game' password". Instead of my game, I used to receive the exact name of my game title. For your information, I had the title name "My Game" earlier but I just deleted it today, it was a test title and it is no longer there as I just deleted it few hours ago. But even after deleting that, it is showing "Reset your 'My Game' password".

The strange part is that, when i change password from the link, it says in Live Playstream that "password changed successfully" and that too in the correct title ID and name. But when i try to log in using that password, it returns "Invalid mail or password" and also the old password stops working. (If the request would execute for any other account, there was no point for old password to stop working but it confirms that this is a bug)

I saw an update "Fixed password recovery email" and seems like you still have that issue going. Please fix the issue. If you want to know my title ID, please see Support Request 10441 where I shared title id and title name too.

Again, there's no such thing as "My Game" in my developer studio. I've deleted that title already but even deletion couldn't solve the bug.

3

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

gamerishere commented · Apr 30, 2018 at 06:30 PM

I found that my game's name was "My game". I changed "My Game" to my original game's name and the email came with proper name. But when i changed the password using that received mail, it is still saying "Invalid mail or password". WTF is happening there!!!!

0 ·

gamerishere commented · Apr 30, 2018 at 06:33 PM

See above. It says "Player completed password reset" but it doesn't log in with that new password and also the old one stops working.

0 ·

tit.png (15.9 KiB)

gamerishere commented · May 01, 2018 at 02:46 AM

I've checked things once again. The bug is still there. Please see Support Request 10441 to know my Title ID. @Brendan I'm waiting bro, plz reply asap.

0 ·

Answer 1 · 2018-05-01T07:44:13Z

brendan answered May 1, '18

To be clear, your Title ID isn't a secret - it's in every API call made by your client, so it's available in your client code. In most cases, we will need to know it, in order to help solve issues.

I’ve tested the password reset functionality a few times in my own test title, and it appears to be working fine. I can also confirm that there are over 1,400 live titles in the service, and that a non-trivial number of them use email/password or username/password for sign-in, and I’m not seeing similar issues on any of them. If you want me to confirm in your title directly, I can create my own test player and change its password using that method, or I can change the email address of that specific user account to my own temporarily, update the password and test that sign-in works, and then change the email address back and send you (privately) info on the new password. What’s your preference?

4

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

gamerishere commented · May 01, 2018 at 12:46 PM

Hi @Brendan

If so, that's my title ID: "C582". The problem is that I'm receiving the password reset mail correctly when i click on resetpassword from my game. When I change the password using the link given in mail, it says "password updated successfully" but when I try to log in using that password, it doesn't log it with that password. Several members reported the issue to me and I had to create a whole new account for them.

But here's some new information:

The "change email" functionality from developer dashboard area is working fine. I've changed the user password (the player who didn't ever reset password from API) from my Players Overview area in dashboard but I am surprised to see that it still says "Invalid mail or password" when i try to login using that password too. So, this seems like an issue on my title ID. if it would be an issue of reset password api, it would work with the changed password that I changed from dashboard area but no luck. You can test it yourself.

Thank you in advance bro, please fix my issue asap.

0 ·

gamerishere gamerishere commented · May 02, 2018 at 12:37 PM

@Brendan I'm waiting please man look into it. I'd be very thankful. I can understand you're short of time, but please bro, the game is live and people are having issues with it. This seems like an issue with my title account only (if you claim that everything is working fine from other titles). Please look into my title account C582 and see what's going on. I shared the Display name of one of the players too for which i changed the password. You can also try changing his password and you'll find yourself the bug.

0 ·

brendan gamerishere commented · May 03, 2018 at 06:01 AM

Please understand that we have quite a lot of titles in the service, and limited staff. It can take up to a couple of business days for you to get responses, though we're usually much faster than that.

But again, password reset is working fine. I just created a test user in your title - "testuser0002". I used both the Client API and the Game Manager send password reset email functionality to reset the password. After each password reset, the new password worked fine to sign the player in - have a look at the player account and all the events on it, and you'll see this.

Here's what I would suggest: Create a test player account. Reset its password using whichever method you believe is misbehaving. Use Postman or the api.playfab.com TryIt functionality to sign in with the new password. If you see the same error, please send us the specific details, step by step, of what you did, so that we can try to reproduce it.

0 ·

gamerishere brendan commented · May 03, 2018 at 06:06 PM

Hi @Brendan, thanks for your reply. Much appreciated!

I changed the password of your account "testuser0002" to 1234567 from my Dashboard Overview area and it returns "Invalid mail or password". I copied the same email and used my changed new password on it, but still same error. it is strange that you're not able to reproduce it. Also, I'm wondering because there can't be any issue in my code due to the fact that everything was working fine 10-15 days ago.

Also, logging function is working fine with other accounts. It returns "invalid email or password" message only for such accounts for which we changed password. My game is live and people are logging in without issues. Only "reset password" issue.

When i register a new player, input the password from there, it registers the account correctly and players are able to login using that password. But when I reset password from both, API and dashboard overview,not only new password doesn't work but old password stops working too. Something is wrong and probably you've missed it?

0 ·

Answer 2 · 2018-05-03T19:04:41Z

gamerishere answered May 3, '18

Hi @Brendan

I've fixed the issue but going through another trouble. Please help.

I was using the text object under InputField, was using its text for password. Though it worked correctly when people registered the game (because they set the password from that InputField) but when they receive password reset email (or when I change from dashboard), for some reasons, the format of text is different.

I started using InputField.text and new passwords worked successfully. However, old passwords are not working for old accounts with this change in code since the game sends the different text. Is it possible to know the passwords of users in the game? I would like to change everyone's password with the new settings and then update the game version with it.

4

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

brendan commented · May 04, 2018 at 01:25 AM

No - and any service that can give you the password is one you should never, ever do business with, as that would mean they're storing passwords in the clear. The only way passwords should ever be stored is in a salted+hashed state, so that you can log the person in (you just use the same method to salt+hash the password, to see if it matches what's stored), but you can never get back to the original password. Password fatigue (people re-using passwords on multiple services) is extremely common, so any service that did this would be putting their customers at risk.

What you'll want to do in this case is to try using the text first and, if that fails, try the non-raw InputField version. If that succeeds, pop a notification to the player that they're required to change their password to continue, send the reset email, and push them back to the sign-in screen (delete the local Session Ticket, to be safe).

0 ·

nikorah12 commented · Mar 22, 2022 at 12:51 PM

d

,

Have the same issue did you fixed it?

0 ·

nikorah12 nikorah12 commented · Mar 22, 2022 at 12:54 PM

I'm struggling a lot with this there is no way to fix this. I tried literally anything

0 ·

khawar nikorah12 commented · May 18, 2023 at 05:34 AM

you solved?

0 ·

question

Bug: After Reseting Password (Invalid mail or password)

2 Answers

Write an Answer

Navigation

Spaces

question details