
Reset Password Page stuck for OAuth-linked accounts. #36698

@viscous-236

Description:
When a user with a pre-existing, unverified local account attempts to log in via an OAuth provider (e.g., Google) using the same email address, they are correctly directed to the ResetPasswordPage. However, the "Reset" button on this page is non-functional due to a bug in the form's submission logic. The button calls the incorrect API endpoint (/v1/users.updateOwnBasicInfo), which does not finalize the account verification or log the user in. This leaves the user stuck on the password reset page in an inescapable loop.

Steps to reproduce:

  1. On a fresh Rocket.Chat server, create a new user with a standard email and password (e.g., [email protected]). Do not verify this user's email.

  2. Log out.

  3. Configure Google OAuth for the server.

  4. On the login page, click the "Login with Google" button and authenticate with the same email address ([email protected]).

  5. Observe that you are correctly redirected to the /setup-wizard page to set a new password.

  6. Enter a valid new password in both fields and click the "Reset" button.

Expected behavior:
After clicking "Reset", the user's password should be updated, the requirePasswordChange flag on their account should be set to false, they should be logged in, and then redirected to the application's home page.

Actual behavior:
When the "Reset" button is clicked, a POST request is sent to the /api/v1/users.updateOwnBasicInfo endpoint. The server responds with success: true, but the requirePasswordChange flag on the user object remains true. The user is not logged in or redirected, and they remain stuck on the "Reset password" page.

Path: Rocket.Chat/apps/meteor/node_modules/@rocket.chat/web-ui-registration/src/ResetPassword/ResetPasswordPage.tsx

Server Setup Information:
Version of Rocket.Chat Server: develop branch (local development environment), 7.10.0
Operating System: macOS
Deployment Method: Source (ran with yarn dsv)
NodeJS Version: v22.16.0
MongoDB Version: (Specify your MongoDB version, e.g., 6.x)

Client Setup Information:
Desktop App or Browser Version: Brave, Chrome
Operating System: macOS

Labels: Tasked (Added to the internal issue tracking)
