Download & Extend
LDAP integration » Issues

Failed login still triggers "Have you forgotten your password?" link

Posted by xjm on October 2, 2009 at 9:51pm
Project:LDAP integration
Version:6.x-1.x-dev
Component:User interface
Category:bug report
Priority:normal
Assigned:johnbarclay
Status:closed (fixed)

Issue Summary

When the "Remove password change fields from user edit form" option is checked, the user still sees the following message on a failed login attempt:

Sorry, unrecognized username or password. Have you forgotten your password?

This message links to the password reset form path, which simply returns "Page not found."

I'm working around this issue by using the No Request New Password module, which removes the link to the password reset form from this error message. Still, for completeness' sake, it seems like the "Remove password change" option should remove the broken link as well.

Login or register to post comments

Comments

#1

Posted by tbertin on August 5, 2010 at 5:40pm

Did you have any luck removing this?

#2

Posted by xjm on August 5, 2010 at 8:36pm

As I mentioned, I use:
http://drupal.org/project/noreqnewpass

#3

Posted by johnbarclay on August 3, 2011 at 5:05am
Assigned to:Anonymous» johnbarclay

#4

Posted by eporama on September 2, 2011 at 5:21pm
Version:6.x-1.0-beta1» 6.x-1.x-dev
Status:active» needs review

Here's a patch to the 6.x-1.x branch that completes the functionality within ldapauth without using noreqnewpass.

AttachmentSize
reset_password_removed-594598-4.patch 1.11 KB

#5

Posted by johnbarclay on September 2, 2011 at 6:16pm

Looks good. I committed this, but will leave it as needs review until it has at least one other person look at it.

#6

Posted by verta on November 4, 2011 at 10:21pm

Subscribing, will test this soon, I hope. Currently we use the No Request New Password module, so will be disabling it for testing.

#7

Posted by cgmonroe on February 8, 2012 at 7:13pm

This works for user login block but does not work for the user/login page. This is because they use different forms.

There is a simple fix however, just add an extra "case: 'user_login':" statement to the switch in the ldap_form_alter() function. Here's what the new code should look like.

  switch ($form_id) {
    case 'user_login_block':
    case 'user_login':
      if (LDAPAUTH_DISABLE_PASS_CHANGE) {

WIth this added, the "forgot your password" part of the message is removed for both login blocks and the full login page.

#8

Posted by johnbarclay on February 8, 2012 at 7:55pm

this makes sense. it should also have a check for user->uid = 1, so user 1 can see this link.

   
    case 'user_login_block':
    case 'user_login':
      if (LDAPAUTH_DISABLE_PASS_CHANGE && $user->uid != 1) {
        unset($form['links']);
        $key = array_search('user_login_final_validate', $form['#validate']);
        $form['#validate'][$key] = 'ldapauth_user_login_final_validate';
      }

#9

Posted by cgmonroe on February 9, 2012 at 7:39pm
Status:needs review» closed (fixed)

Have tested and committed these last two changes.

Marking this as closed/fixed.