- Issue created by @dianacastillo
- Status changed to Postponed: needs info
23 days ago 12:55am 5 June 2024 - πΊπΈUnited States cmlara
I'm going to need more details on reproducing this.
On a default install of core the password reset request page does not send a user to the login page nor does a password reset send a user to a login page.
Is this on every account or just an account with TFA enabled?
Any other login related modules installed and if so does the error occur with them disabled? - πΊπΈUnited States dianacastillo Miami
i clicked on forgot password, then got a link in the mall. the link took me to a page that said Login . thats when i got the error.
- πΊπΈUnited States dianacastillo Miami
attached is image of page i get after the email link and before the error .
- Status changed to Needs work
22 days ago 7:35pm 5 June 2024 - Status changed to Active
22 days ago 7:37pm 5 June 2024 - π΅πΉPortugal jcnventura
Nothing needing work. Unless you submitted a partial patch, and forgot the patch.
- Status changed to Postponed
22 days ago 7:58pm 5 June 2024 - πΊπΈUnited States cmlara
Thank you for the response, that helps clarify the steps to reproduce (request password reset link and visit the link received via email).
π Use an EventSubscriber to process one time login links Needs work is partially related as Password Reset links are not yet fully functional in 2.x after adding π Installing contrib modules can lead to TFA accidently being bypassed Fixed . We currently refuse all resets as part of the fail-secure code.
The attached screenshot in #6 is also not a normal Drupal Password reset page, possibly added to workaround π Bingpreview invalidates one time login links Active in core. As noted previously we would need to know the name of the module that generates the page.
I'm not sure if π Use an EventSubscriber to process one time login links Needs work will solve the issue or not however until we have unmodified core working we really can't evaluate the impact of custom code.
Setting postponed on the parent issue. Please provide the additional details regarding the custom module installs and we can re-evaluate this after the parent fix is in mainline.