whenever i try to reset my password via the mail reset passord link
i alwaye get this message
Invalid Link The reset password link has either been used before or is invalid
i tried to increase the “Password Reset Link Generation Limit” and “Reset Password Link Expiry Duratio” from system settings but still not working.
Any sloution?!
update:
After some investigation, I found out that the problem was due to a mismatch between the key in the URL and the stored reset password key in the database .
here is the core code behind it
When you click on a password reset link like this:
https://your-site.com/update-password?key=some-random-key
Frappe runs the function _get_user_for_update_password(key) which does the following:
- Takes the
keyfrom the URL. - Hashes it using SHA-256.
- Compares the hash with the stored
reset_password_keyfor the user in the database.
If they match, and the key hasn’t expired, the password reset form is shown.
But in my case, the keys didn’t match – because the link was being generated with the wrong base URL.
The system was generating links using an incorrect domain or hostname, while I was trying to use them on a different site.
This happened because the host_name setting in the Frappe site config was not set correctly.
I fixed the issue by updating the host_name in the site config:
bench --site [site-name] set-config host_name https://your-correct-production-domain.com
Then I restarted the services:
#in production (supervisor)
bench restart
#in local environment
Ctrl + c
bench start