The change password url, which is where you get directed when you are forced to change your password, is currently set to user/edit.

This normally causes you to end up on the user/edit/account form as it is the default in drupal core.

However it is very easy for other modules to change the default tab to another profile tab if it is more relevant for the site.

For example, I have a user profile tab (using profile2) that has all the users details on it and I have made it so that that is the default tab for the user account edit page.

This means when a user is forced to update their password, they are taken to user/edit, whicih is now the profile tab and does not have a password field on it.

The easy solution for this is to have the change password url be user/edit/account, whcih will always be the drupal account form (unless some developer is making huge changes, in which case that doesn't really have to be supported).

Another potential solution is to have an additional field on the force change settings page where you can set the url for the password change page (and have it default to user/edit/account).

Comments

rooby’s picture

Status: Active » Needs review
StatusFileSize
new716 bytes

Here is a patch for the easy solution.

Status: Needs review » Needs work

The last submitted patch, password_policy-change_password_url-1479514-1.patch, failed testing.

rooby’s picture

Status: Needs work » Needs review
StatusFileSize
new2.08 KB

An attempt at fixing the failed tests.

erikwebb’s picture

Category: bug » feature
Status: Needs review » Fixed

Looks good to me. Inevitably I think this URL could be changed by other modules or move around the form. I don't think there's really a perfect answer here, but you're right that this URL is more specific.

http://drupalcode.org/project/password_policy.git/commit/85bc995

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.