Fill out the following bug report template with as much detail as possible!
Are you sure this is a bug? If you just need help, post in the developer help category. If it’s a feature request, head to the ideas category.
Issue Summary
- Explain roughly what’s wrong
The site in question is tofugametips.ghost.io (which also has a .com domain attached to it though it’s currently having issues with cloudflare’s DNS ATM). I was running adblock but I’ve whitelisted this domain. Whenever I try to reset my password it appears that the attempt is successful, and it attempts to log me in after the reset is complete but can’t complete the request because of the lockout time due to too many attempted logins. - What did you expect to happen?
The password to reset, with me able to login after instead of waiting for the timeout due to too many login attempts.
Steps to Reproduce
- Navigate to signin page.
- Attempt login
- Login fails - but says to reset password to bypass the request lockout. So I proceed to request a password reset.
- Go to my email, open the link from and change my password.
- Because nothing happens at this point, I return to Ghost Admin and attempt to sign in again.
- Login fails due to too many attempted logins.
Setup information
Ghost Version
Share which version of Ghost you’re using.
Ghost Pro (web admin portal )
Provide details of your host & operating system
Include further details about your hosting and OS.
Database type
MySQL 5.7 / MySQL 8 / SQLite 3 / Other
N/A
Browser & OS version
Version 115.0.5790.99 (Official Build, ungoogled-chromium) (64-bit)
Relevant log / error output
json request when resetting password:
"password_reset": [
{
"newPassword": "N0tR3alLyMyn3Wp@s$wOrD",
"ne2Password": "N0tR3alLyMyn3Wp@s$wOrD",
"token": "SuperLoooooooooooooooooooooo0o0o0o0o0ongToken"
}
]
}
response:
{password_reset":[{"message":"Password changed successfully."}]}
The page then attempts to re-direct me to via {mysite}/api/admin/session but returns with the error:
{"errors":[{"message":"Too many login attempts. Please wait 30 minutes before trying again, or reset your password.","context":"Too many login attempts.","type":"TooManyRequestsError","details":null,"property":null,"help":"Too many login attempts.","code":null,"id":"78b0f3a0-3310-11ee-87fa-934735dc9535","ghostErrorCode":null}]}