- Issue created by @zebda
- πΊπΈUnited States cmlara
Most modules I have seen do this have special handling for the password reset route and login_destination appears to be no different https://git.drupalcode.org/project/login_destination/-/blob/5ba35c477e9b...
We did see similar with https://www.drupal.org/project/tfa/issues/3108099#comment-15337414 β¨ Redirect to validation setup after login without tfa Needs work , while not the same code it is inherently the same problem, a 3rd party module is changing the destination after we have set a destination.
For now my suggestion would be to disable the login_destination module to allow Password Resets to function.
On cursory thoughts I can not think of a way we can avoid all of these redirect modules not having some issue that needs to be coded for on their side without a new API being added to core.
I'm moving this issue to login_destination as it is that module code that is changing the destination redirect.
- πΊπΈUnited States davisben NH
I ran ran into this issue also. I got it working by checking if a pass-reset-token query parameter exists, and if so, ignore any configured destinations. This is almost certainly not a fix that covers all use cases, but I'm posting the patch in case it's helpful to anyone else.
- π¬π§United Kingdom somersoft
Applied paychin #3 and it worked for me too.
- π¨πSwitzerland redzeuf Geneva
This patch #3 works but it does goes through the TFA verification before redirecting. It mean that anybody asking for reset password can directly be identified if he get the reset URL.