Setting the delay constraint to any number of hours X will prevent user registration in under X hours.
Steps to reproduce:
1. Create/enable policy that applies to authenticated user with delay constraint value set to 1.
2. Administration->Configuration->People->Account settings->Registration and cancellation->Who can register accounts?: Visitors
3. Register a new account. Follow one-time login link from e-mail.
4. Attempt to set password and submit => Submission fails due to delay constraint.
I believe the problem is that entries are being saved to password_policy_history even when there is no password field on the user form (i.e., in the first step of user registration where you just set a username and e-mail address).
Comments
Comment #1
erikwebb commentedI'm marking this as postponed, because of #1682928: Password reset with password change attempts. Once we get the first issue fixed related to registration, hopefully the rest will also be fixed.
Comment #2
erikwebb commented#1682928: Password reset with password change attempts