Hi folks,
Anyone could suggest the best way to troubleshoot the OOB password reset function in an Istanbul instance?
The Password Reset Plug-in is enabled and the password reset can be accessed by the URL below
https://mytestinstance.service-now.com/$pwd_reset.do?sysparm_url=ss_default
https://mytestinstance.service-now.com/$pwd_reset.do?sysparm_url=ss_defaultI then enter an existing dummy user account
I am asked if the answer should be test.passwordtest@test.com
When clicking 'next' , the below error appears
Troubleshooting attempted :
1 Instance runs Istanbul patch 5 and the instance has been customised in Password reset ; and therefore I xmled 15 UI pages (starts with $pwd) into this instance from my personal ServiceNow instance running Istanbul patch10
2 Check Credential Stores
Everything looks OK and the error comes out before the password checking
3 Make sure active 'Processes'
Default Self Service
Service Desk QA Confirmation Process
Again they look ok (compared to my personal instance)
4 Verifications
I notice two more verifications 'Sample Mock Verification #1' and 'Sample Mock Verification #2' on my personal OOB instance but would assume this is just additional verification types, and they should not impact the reset process.
It would be appreciated if any advice.
Thank you guys in advance.
Once a request is raised and I receive an error
Opening the request number can find further details; both activities appeared verified successfully
Further investigation on the script include "PasswordResetUtil" I am running is kind of an old version, and after I tried to import it from my OOB instance Istanbul 10, this error no longer appeared.
Original version:
var PasswordResetUtil = Class.create();
PasswordResetUtil.prototype = Object.extendsObject(AbstractAjaxProcessor, {
isPublic: function() {
return true;
},
validatePassword : function() {
var validateErr = SNC.PasswordResetUtil.validateStrongerPassword();
if ("true" != validateErr)
this.setAnswer("false");
else
this.setAnswer("true");
},
sendResetEmail: function() {
var result = this.newItem("result");
var userId = this.getParameter('sysparm_user_id');
var requestId = this.getParameter('sysparm_request_id');
this._sendResetEmail(userId,requestId, result);
},
_sendResetEmail: function(userId, requestId, result) {
var usr = new GlideRecord('sys_user');
usr.addQuery('sys_id', userId);
usr.addQuery('active', 'true');
usr.queryNoDomain();
if(!usr.next()){
gs.log("User : " + userId + " is eiter inactive or doesn't exist on the instance");
result.setAttribute("result","false");
return;
}
var resetPasswordURL = '';
var token = SNC.PasswordResetUtil.generateUniqueUserToken(usr.sys_id);
if(GlideStringUtil.notNil(token))
resetPasswordURL = this.getInstanceURL() + '/passwordreset.do?sysparm_id=' + usr.sys_id + '&sysparm_request_id=' + requestId + '&sysparm_nostack=true&sysparm_token=' + token;
else {
logError("Failed to generate unique token for user. Password reset failed for user : " + usr.user_name);
result.setAttribute("result","false");
return;
}
var eventName = 'password.reset.url';
var param1 = GlideProperties.get("glide.pwd_reset.onetime.token.validity","12");
var param2 = resetPasswordURL;
gs.eventQueue(eventName, usr, param1, param2);
result.setAttribute("result","true");
},
getInstanceURL: function() {
var url = gs.getProperty("glide.servlet.uri");
if (GlideStringUtil.nil(url)) {
gs.log("glide.servlet.url is empty!");
return "";
}
url = url.trim();
var len = url.length;
if (url[len-1] == '/')
return url.substring(0, len-1);
return url;
},
type: 'PasswordResetUtil'
});
Imported version which worked as expected.
var PasswordResetUtil = Class.create();
PasswordResetUtil.prototype = Object.extendsObject(PwdAjaxRequestProcessor, {
isPublic: function() {
return true;
},
validatePassword : function() {
var validateErr = SNC.PasswordResetUtil.validateStrongerPassword();
if ("true" != validateErr)
this.setAnswer("false");
else
this.setAnswer("true");
},
sendResetEmail: function() {
if(!this._validateSecurity()){
return;
}
var result = this.newItem("result");
var userId = gs.getSession().getProperty('sysparm_sys_user_id');
// We get the requestId from the trustworthy session so no need to sanitize
var requestId = gs.getSession().getProperty('sysparm_request_id');
this._sendResetEmail(userId,requestId, result);
},
_sendResetEmail: function(userId, requestId, result) {
var usr = new GlideRecord('sys_user');
usr.addQuery('sys_id', userId);
usr.addQuery('active', 'true');
usr.queryNoDomain();
if(!usr.next()){
gs.log("User : " + userId + " is eiter inactive or doesn't exist on the instance");
result.setAttribute("result","false");
return;
}
var resetPasswordURL = '';
var token = SNC.PasswordResetUtil.generateUniqueUserToken(usr.sys_id);
if(GlideStringUtil.notNil(token))
resetPasswordURL = this.getInstanceURL() + '/passwordreset.do?sysparm_id=' + usr.sys_id + '&sysparm_request_id=' + requestId + '&sysparm_nostack=true&sysparm_token=' + token;
else {
logError("Failed to generate unique token for user. Password reset failed for user : " + usr.user_name);
result.setAttribute("result","false");
return;
}
var eventName = 'password.reset.url';
var param1 = GlideProperties.get("glide.pwd_reset.onetime.token.validity","12");
var param2 = resetPasswordURL;
gs.eventQueue(eventName, usr, param1, param2);
result.setAttribute("result","true");
},
getInstanceURL: function() {
var url = gs.getProperty("glide.servlet.uri");
if (GlideStringUtil.nil(url)) {
gs.log("glide.servlet.url is empty!");
return "";
}
url = url.trim();
var len = url.length;
if (url[len-1] == '/')
return url.substring(0, len-1);
return url;
},
type: 'PasswordResetUtil'
});
This was probably caused by our skipped upgrade on password reset app. Hoping this would help
