Summary
After a user has set the new password, passpolicy does not always return the user to the login page.
With passpolicy plugin disabled, the default behaviour returns to the login page after the password has been changed.
Behaviour
-
When autopasswd is 0, and plugin->passpolicy->supressuserhints is 1:
- A change link is emailed to the user. This allows them to change the password.
- The password change is successful, but it stays on the "Set new password" page, and there is no confirmation message to show the password has been changed successfully. This causes some user confusion as their password has been changed, but it looks like it hasn't worked.
- If the user clicks the "Set new password" button again, they get the message "Sorry, this auth code is not valid. Make sure you used the complete confirmation link."
-
When autopasswd is 0, and plugin->passpolicy->supressuserhints is 0:
- A change link is emailed to the user. This allows them to change the password.
- The password change is successful, and the login page is displayed after the change.
-
When autopasswd is 1, and plugin->passpolicy->supressuserhints is 0:
- A change link is emailed to the user. When the confirmation link is sent, DW returns to the login page.
- When the user follows the link, the new password is sent by email. Login page still displayed.
-
When autopasswd is 1, and plugin->passpolicy->supressuserhints is 1:
- A change link is emailed to the user.
- When the confirmation link is sent, DW stays on the "Set new password" page.
- This page is confusing, because it asks the user "Please enter a new password", but what is prompted for is the username. (Which we've already done) While testing this, I have several times entered a password in the username box!
- When the user follows the link, the new password is sent by email. A message is shown confirming "Your new password has been sent by email." DW stays on the "Set new password" page
Expected Behaviour
Always return to the login page after the password has been successfully changed.
Environment
On a new DW install with no other plugins except the defaults installed.
DokuWiki version: Release 2022-07-31a "Igor"
PHP version 7.4.33
More than 32MB RAM (128 MB) available.
Changelog is writable
conf directory is writable
mb_string extension is available and will be used
Your locale C seems not to be a UTF-8 locale, you should fix this if you encounter problems.
Debugging support is disabled
You are currently logged in as admin (Admin)
You are part of the groups admin, user
Your current permission for this page is 255
The current page is writable by the webserver
The current page is writable by you
The search index seems to be working
Server time seems to be okay. Diff: 0s
Summary
After a user has set the new password, passpolicy does not always return the user to the login page.
With passpolicy plugin disabled, the default behaviour returns to the login page after the password has been changed.
Behaviour
When
autopasswdis0, andplugin->passpolicy->supressuserhintsis1:When
autopasswdis0, andplugin->passpolicy->supressuserhintsis0:When
autopasswdis1, andplugin->passpolicy->supressuserhintsis0:When
autopasswdis1, andplugin->passpolicy->supressuserhintsis1:Expected Behaviour
Always return to the login page after the password has been successfully changed.
Environment
On a new DW install with no other plugins except the defaults installed.