• Problem
    1. User cannot reset password
    2. User is able to log back into the application, from email, if they use a non-expired password reset token url.

    Discussion
    After requesting a password reset, an email is sent out with the following URL for reset:

    https://php.hgv.dev/wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&code=wna6bd772nr3bv

    When this occurs, janrain-capture.php will forward the request to the registered wp_ajax method of redirect_uri. From there, the JanrainCaptureApi is immediately instantiated and a new access token is generated based on the above code. That code will log the user back in! Obviously a security risk if the email is compromised.

    After the token has been generated, it appears one condition continues the flow of password reset. That is:

    if ( $api->password_recover === true ) {
        wp_redirect( add_query_arg( array( 'janrain_capture_action' => 'password_recover' ),  home_url() ) );
    }

    Essentially redirecting the user back to the homepage, as logged in, with the final query request of:

    https://php.hgv.dev/?janrain_capture_action=password_recover

    After digging through the plugin, it appears this is a fragment from the capture legacy implementation. We can find a reference to password recover action within the JanrainCaptureUi Object. There it begins the process of using admin ajax to create a modal. However, this doesn’t apply to us as we use the modern capture implementation provided from janrain screens.

    Therefore, it appears the token code attempts to log a user back in and redirect them with the above query request. Because the query is not associated with a registered wp ajax action method, it doesn’t do anything. And even if it attempts to load a provisioned screen of forgot.html, it couldn’t without a code in query.

    The functionality of resetting a password, from an email, seems to be non-existent for this plugin. If we attempt the current workflow in loading a screen, it is possible to load the markup file by correctly appending the following query parameters:

    https://php.hgv.dev/wp-admin/admin-ajax.php?action=janrain_capture_redirect_uri&url_type=forgot&code=123

    This will load an individual page but proves to be incorrect and non-working when attempting the reset. The correct flow would, of course, launch the screens in the existing provisioned modal.

    https://www.ads-software.com/plugins/janrain-capture/
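
The post above describes an emailed reset code that, when followed, logs the user back in. As an added illustration (not code from the Janrain Capture plugin or from Janrain), here is one way a reset link can be handled so that the code is single-use, expires, and only authorizes a password change without creating a session. The class and method names are hypothetical, and an in-memory array stands in for the database.

```php
<?php
// Added illustration; not code from the Janrain Capture plugin.
// ResetTokenStore, issue() and redeem() are hypothetical names.
final class ResetTokenStore
{
    /** @var array<string, array{user:int, expires:int}> keyed by SHA-256 of the token */
    private array $rows = [];

    // Issue a token for the reset email. Only its hash is stored, so a leaked
    // table does not reveal usable links.
    public function issue(int $userId, int $now, int $ttl = 900): string
    {
        $token = bin2hex(random_bytes(32));
        $this->rows[hash('sha256', $token)] = ['user' => $userId, 'expires' => $now + $ttl];
        return $token;
    }

    // Redeem a token from the emailed link. Returns the id of the user whose
    // password may now be changed, or null. The row is deleted on first use,
    // so the link cannot be replayed, and nothing here creates a login session.
    public function redeem(string $token, int $now): ?int
    {
        $key = hash('sha256', $token);
        if (!isset($this->rows[$key])) {
            return null;                  // unknown or already used
        }
        $row = $this->rows[$key];
        unset($this->rows[$key]);         // consume the token even if it has expired
        return $now <= $row['expires'] ? $row['user'] : null;
    }
}

// Constructed walk-through with a fixed clock value.
$store = new ResetTokenStore();
$now   = 1700000000;
$token = $store->issue(42, $now);

var_dump($store->redeem($token, $now + 60));   // first use, inside the lifetime
var_dump($store->redeem($token, $now + 120));  // replay of the same link
$late = $store->issue(42, $now);
var_dump($store->redeem($late, $now + 3600));  // fresh token used after expiry
```

The caller would show the set-new-password form only when `redeem()` returns a user id, and would require a normal login afterwards.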

  • Thread Starter KLVTZ

    (@klvtz)

    Please note that the above issue has been submitted as a support ticket to Janrain.

  • The topic ‘Janrain Reset Password: Not launching Modal’ is closed to new replies.