The force password change is triggered even if the user role is unselected

Created on 8 November 2021, almost 4 years ago
Updated 4 May 2023, over 2 years ago

Problem/Motivation

If the user's role is not present in any of the policies, the force password reset still leads the user to the user//edit page.

Steps to reproduce

1. Admin created a password policy "xx"
2. Admin assigned a user role "Content Manager" to "xx"
3. User with Role "Content Manager" logs in and clicks a few pages
4. Admin forces password change for Role "Content Manager"
5. User with Role "Content Manager" is forcibly redirected to the user//edit page
6. Admin removes the Role "Content Manager" from policy "xx"
7. The user with Role "Content Manager" is still forcibly redirected to the user//edit page

Proposed resolution

In the event subscriber, check whether the user role exists in any of the policies.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report
Status

RTBC

Version

3.0

Component

Code

Created by

🇳🇱Netherlands gopisathya


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • Core: 10.0.7 + Environment: PHP 7.4 & MySQL 5.7
    last update over 2 years ago
    Composer require failure
  • @rajeshreeputra opened merge request.
  • 🇮🇳India rajeshreeputra Pune

    Created MR for ease.

  • Core: 10.0.7 + Environment: PHP 7.4 & MySQL 5.7
    last update over 2 years ago
    Composer require failure
  • Assigned to Kristen Pol
  • 🇺🇸United States Kristen Pol Santa Cruz, CA, USA

    Assigning to myself as I'm reviewing/merging ready RTBC fixes/updates over the next few days.

  • Issue was unassigned.
  • Status changed to Postponed: needs info over 1 year ago
  • 🇺🇸United States Kristen Pol Santa Cruz, CA, USA

    Thanks everyone for working on this issue.

    Maybe I'm misunderstanding something but this issue doesn't make sense to me. The force password reset feature isn't tied to a policy. Or at least it's not in 8.x-3.x and 4.x, which is what I've been testing. It's its own feature.

    So... you choose the roles for the force reset and those should apply for those roles whether or not they are in a policy.

    For now, I'm moving this to postponed in case I'm missing the point of this, but I think it should be moved to "works as designed".

  • 🇺🇸United States dgroene

    Re: "force password reset feature isn't tied to a policy." When editing policies (in version 4.0.3), there is a field called "Password Reset Days" with the help text "User password will reset after the selected number of days. 0 days indicates that passwords never expire." I don't understand why this field exists if password reset is outside the scope of policies?
