How to Fix: Admin Password Reset Fails in Magento 2.4.6-p3 and Below

In the labyrinth of Magento development, encountering unexpected roadblocks is all too familiar. One such conundrum that has puzzled many administrators is the failure of the reset password feature for the admin user in Magento versions 2.4.6-p3 and below. It’s a perplexing issue that leaves users stranded, unable to regain access to their vital accounts.

But fear not, for in the midst of this challenge lies a straightforward solution waiting to be unearthed. Understanding the root cause of this problem and implementing the necessary fixes is not only possible but also relatively simple.

In this blog post, we delve deep into the heart of the matter, uncovering why the admin password reset feature fails in these specific Magento versions and elucidating the steps required to rectify it with ease. Whether you’re a seasoned Magento administrator or a curious developer, this exploration promises to shed light on a common pain point and pave the way for swift resolution.

What Happens?

It happens! We all forget passwords at some point in our careers and need to recover them using the tools the system provides. In Magento's admin panel, the link that starts the flow for generating a new password sits right below the credential fields: the Forgot your password link.

Magento’s admin panel login page.

When you click on this link, you’re redirected to another page where you’ll need to enter the email you use to log in to your admin account.

Magento’s admin panel forgot your password page.

When you enter your email there and request a reset password link, you’ll receive an email with the link in your inbox. It’s important to note that, even though the page states you’ll receive a link, the email is only sent if an admin user exists with the requested email address.

Screen after submitting the forgot password form.

The email will look like the following:

Note the first portion of the URL provided in the email. This happens because, if you navigate through STORES > Settings > Configuration > Web > Url Options, you have the configuration field Add Store Code to Urls set to Yes:

If that’s not your case, or if you’re running Magento 2.4.7 (where this was fixed) or later, you’re probably not facing this issue. However, if you have this option set to Yes and are running Magento 2.4.6-p3 or below, your Admin Account Reset Password feature is probably not working, because you’ll get a big 404 after clicking on the link in the email.

Why does that happen?

This issue is caused by a tiny piece of code on the email template.

Open the following file:

vendor/magento/module-user/view/adminhtml/email/password_reset_confirmation.html

There should be another parameter on the line marked in red. This new parameter is _type="web". This line should look like the following:

{{store url="admin/auth/resetpassword/" _type="web" _query_id=$user.user_id _query_token=$user.rp_token _nosid=1 }}

You can check this out on the official Magento 2 repository on GitHub by clicking here.

How do You Fix It?

Thankfully, fixing it is quite easy. You can either:

  1. Apply a patch to this email template, which would fix the problem directly at the root. However, this requires development knowledge to apply this tiny change to the email template; or
  2. Edit this email template directly in the admin and make the change yourself, without a developer’s help.

It’s important to keep in mind that this fix would be temporary since Magento already fixed this issue in Magento 2.4.7, which is a beta version at the moment I write this post.
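For the first option, this is one way to check a copy of the template file and add the missing parameter idempotently. It is an added example, not code from Magento or from the original post; the function names and the sample template are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Magento's code): check and repair the admin reset-password
# link directive in an email template file. Work on a copy, not on vendor/.

DIRECTIVE='{{store url="admin/auth/resetpassword/"'

# Succeeds (exit 0) when the file has the directive without _type="web".
needs_fix() {
    grep -F "$DIRECTIVE" "$1" | grep -vF '_type="web"' >/dev/null
}

# Inserts _type="web" after the url attribute. Lines that already carry the
# parameter are skipped, so running it twice changes nothing.
apply_fix() {
    tmp="$(mktemp)" || return 1
    if sed '/_type="web"/!s|\({{store url="admin/auth/resetpassword/"\)|\1 _type="web"|' "$1" > "$tmp"; then
        cat "$tmp" > "$1"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: the page's corrected directive with _type="web" removed.
sample_template() {
    printf '%s\n' 'Reset your password here:' \
        '{{store url="admin/auth/resetpassword/" _query_id=$user.user_id _query_token=$user.rp_token _nosid=1}}'
}

# With no arguments, run against the constructed sample; otherwise fix each file.
demo=""
if [ "$#" -eq 0 ]; then
    demo="$(mktemp)" && sample_template > "$demo"
    set -- "$demo"
fi
for f in "$@"; do
    if needs_fix "$f"; then
        if apply_fix "$f"; then echo "fixed: $f"; fi
    else
        echo "already fixed or directive not found: $f"
    fi
done
if [ -n "$demo" ]; then rm -f "$demo"; fi
```

To confirm a store is in the affected configuration first, `bin/magento config:show web/url/use_store` prints 1 when Add Store Code to Urls is set to Yes.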

To help you fix that, I’m gonna use the second approach, because it’s way simpler than the first one.

  1. Log in to your admin panel, or ask someone who has access to the admin panel you’re trying to fix;
  2. Navigate to MARKETING > Communication > Email Templates;
  3. Click on the Add New Template button;
  4. Under the Load Default Template section, in the Template field, select the Forgot Admin Password template and click on the Load Template button;
  5. Give it a custom name on the Template Name field;
  6. Make the change in the Template Content field: add the _type="web" parameter to the reset password link line, as shown above;
  7. Save the template.

Your template should look like the following:

Now we need to set this new template to be used instead of the original one. Note that, in Currently Used For, Magento already shows you where this template is being used. You just need to navigate there and make the change on the proper config field. In our case, we need to navigate to:

STORES > Configuration > Admin > Admin User Emails

And change the Forgot Password Email Template field.

Save the configurations and clear the caches.

Time to test our solution. Voilà!

The reset password feature for admin users is now working well.

As our journey through the realm of Magento’s admin password reset feature comes to a close, we find ourselves equipped with newfound clarity and confidence. The enigma that once shrouded this challenge has been dispelled, replaced by a clear understanding of the issue and a practical solution at our fingertips.

By identifying the root cause of the problem in Magento versions 2.4.6-p3 and below, we’ve taken the crucial first step toward resolution. Armed with this knowledge, administrators and developers alike can proceed with assurance, knowing that a straightforward fix lies within reach.

With a simple adjustment to the admin password reset email template, specifically adding the _type="web" parameter to the reset link, we can breathe new life into the reset password feature, restoring its functionality and empowering users to regain access to their accounts swiftly and seamlessly.

As we bid farewell to this chapter of troubleshooting, let us carry forward the lessons learned and the solutions discovered. May they serve as beacons of guidance in future endeavors, reminding us that even the most daunting challenges can be overcome with patience, perseverance, and a willingness to explore.
