Password reset - conflict between Woocommerce & Lifterlms

[saracomin96]

Reproduction Steps

Use Woocommerce to reset user passwords

1. Go to /my-account/lost-password and request a reset
2. Click the link that arrives by email

Expected Behavior

The result when I land on the page should be the form that allows me to change the password

Actual Behavior

The form for requesting a password reset.

I noticed something when checking the code of both woocommerce and lifterlms

After clicking the link on the page, the added parameter, in url, is ?reset-pass=1 which seems to be generated by this function:

public function reset_password_link_redirect() {

		if ( is_llms_account_page() && isset( $_GET['key'] ) && isset( $_GET['login'] ) ) {

			$user = get_user_by( 'login', wp_unslash( llms_filter_input_sanitize_string( INPUT_GET, 'login' ) ) );
			$uid = $user ? $user->ID : 0;
			$val = sprintf( '%1$d:%2$s', $uid, wp_unslash( llms_filter_input_sanitize_string( INPUT_GET, 'key' ) ) );

			( new LLMS_Cache_Helper() )->maybe_no_cache();
			llms_set_password_reset_cookie( $val );
			llms_redirect_and_exit( add_query_arg( 'reset-pass', 1, wp_lostpassword_url() ) );
		}
	}

This parameter does not allow you to view the password reset form, but the reset request form is displayed again.

Indeed, Woocommerce checks that the URL contains the ?show-reset-form=true parameter to display the password reset form.

This issue has be recreated:

• Locally
• On a staging site
• On a production website
• With only LifterLMS and a default theme

[jurasjo]

If I remember correctly, I had this problem. The solution was to unset Dashboard page from Settings/Accounts in LifterLMS. Then WC take care of proper password reset.

It might be connected to this issue #2741