Contrib.social

Incompatibility with the password_policy module

Open on Drupal.org →
Created on 6 October 2025, 3 days ago

Problem/Motivation

roleassign_form_alter() replaces the roles element.
In the password_policy module, _password_policy_get_edited_user_roles() relies on the roles element to determine which roles the edited user will get, upon submitting the form.

The "authenticated" role is never part of the options of the roles element, as it is rebuilt by roleassign, so any policy that should apply to all authenticated users is never validated.

Steps to reproduce

  1. Install and enable both the password_policy and roleassign modules.
  2. Configure roleassign so that a given role can only assign any subset of the available roles
  3. Add a password policy, and apply it to the "Authenticated" role
  4. Try adding a user, using an account with the role configured in 2.
  5. The password policy validation won't trigger.

Proposed resolution

Wouldn't it make sense to always include the authenticated role as part of the assignable roles?
In core the checkbox is always checked, and disabled.

Remaining tasks

User interface changes

API changes

Data model changes

Feature request
Status

Active

Version

2.0

Component

Code

Created by

🇫🇷France arousseau

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

No activities found.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024