Issue with Password Reset Endpoint in Simple JWT Login Plugin

  • Hello everyone,

    I’m working with the Simple JWT Login plugin on a WordPress project, and I’ve encountered an issue with the password reset functionality. Below is a detailed description of the problem and what I’ve attempted so far:Problem Description

    When attempting to reset a password via the plugin’s REST endpoint, I always receive a success response ({"success":true,"message":"User Password has been changed."}) regardless of whether the request is processed correctly or not. The response does not reflect the actual state of the operation, and the user’s password is not updated.

    I’m using the following curl command to make the PUT request:

    curl -v --location --request PUT 'https://aws.domain.com/wp/?rest_route=%2Fsimple-jwt-login%2Fv1%2Fuser%2Freset_password' \ --header 'Content-Type: application/json' \ --data-raw '{ "email": "[email protected]", "code": "moOx8Onxj79RX721sAIr", "new_password": "123456" }'

    What I’ve Tried

    1. Endpoint Verification:
      • I’ve checked that the REST route is correctly configured to accept PUT requests and that the callback function is properly implemented.
    2. Plugin Code Review:
      • I’ve reviewed the plugin code and haven’t found any exceptions or obvious errors in the callback function.
    3. Logs and Debugging:
      • I’ve examined Nginx and WordPress logs for errors but haven’t found relevant information.
      • I’ve added logging to the callback function to try and pinpoint where the issue might be.
    4. Deactivation of Other Plugins:
      • I’ve deactivated all other plugins and switched to a default theme to rule out potential conflicts, but the issue persists.
    5. Additional Testing:
      • The native WordPress password reset functionality works correctly, suggesting that the issue is isolated to the JWT plugin.

    Environment

    • PHP Version: 8.2.16
    • WordPress Version: 6.6.2
    • Simple JWT Login Plugin Version: [Include plugin version here]

    Request for Help

    Has anyone encountered a similar issue or have any idea what might be causing the password reset endpoint to always return a success response without actually changing the password? Any advice or suggestions would be greatly appreciated.

    Thank you in advance for your help.

  • You must be logged in to reply to this topic.