Contrib.social

Password Reset form validation is not prompted anymore

Open on Drupal.org β†’
Created on 18 August 2020, almost 4 years ago
Updated 28 December 2023, 6 months ago

Problem/Motivation

The changes introduced in #3112961: Password reset form has no flood control β†’ are too excessive in a way, that they clear all the errors from the form state. I understand that the idea there was to get rid of enumeration on that form, but clearing the errors from the form state object result in the form to behave like it did not face any errors.

I have found this bug when using this module in combination with reCATPCHA, which will no longer halt the end user when the challenge fails validation.

Steps to reproduce

  1. Install reCAPTCHA & this module on 8.x-1.1
  2. Configure a reCAPTCHA challenge for the Password Reset form
  3. Attempt to do a password reset as anonymous user but ignore the challenge
  4. No errors are shown and the user is given the success message, where it should not have

Proposed resolution

Do something less excessive than clearing all the errors from the form state.

Remaining tasks

Write a patch, review, test and write test cases.

User interface changes

N/A

API changes

N/A

Data model changes

N/A

πŸ› Bug report
Status

RTBC

Version

1.0

Component

Code

Created by

πŸ‡§πŸ‡ͺBelgium baikho Antwerp, BE

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024