When the "Remove password change fields from user edit form" option is checked, the user still sees the following message on a failed login attempt:

Sorry, unrecognized username or password. Have you forgotten your password?

This message links to the password reset form path, which simply returns "Page not found."

I'm working around this issue by using the No Request New Password module, which removes the link to the password reset form from this error message. Still, for completeness' sake, it seems like the "Remove password change" option should remove the broken link as well.

CommentFileSizeAuthor
#4 reset_password_removed-594598-4.patch1.11 KBeporama

Comments

tbertin’s picture

Did you have any luck removing this?

xjm’s picture

johnbarclay’s picture

Assigned: Unassigned » johnbarclay
eporama’s picture

Version: 6.x-1.0-beta1 » 6.x-1.x-dev
Status: Active » Needs review
StatusFileSize
new1.11 KB

Here's a patch to the 6.x-1.x branch that completes the functionality within ldapauth without using noreqnewpass.

johnbarclay’s picture

Looks good. I committed this, but will leave it as needs review until it has at least one other person look at it.

verta’s picture

Subscribing, will test this soon, I hope. Currently we use the No Request New Password module, so will be disabling it for testing.

cgmonroe’s picture

This works for user login block but does not work for the user/login page. This is because they use different forms.

There is a simple fix however, just add an extra "case: 'user_login':" statement to the switch in the ldap_form_alter() function. Here's what the new code should look like.

  switch ($form_id) {
    case 'user_login_block':
    case 'user_login':
      if (LDAPAUTH_DISABLE_PASS_CHANGE) {

WIth this added, the "forgot your password" part of the message is removed for both login blocks and the full login page.

johnbarclay’s picture

this makes sense. it should also have a check for user->uid = 1, so user 1 can see this link.

    case 'user_login_block':
    case 'user_login':
      if (LDAPAUTH_DISABLE_PASS_CHANGE && $user->uid != 1) {
        unset($form['links']);
        $key = array_search('user_login_final_validate', $form['#validate']);
        $form['#validate'][$key] = 'ldapauth_user_login_final_validate';
      }
cgmonroe’s picture

Status: Needs review » Closed (fixed)

Have tested and committed these last two changes.

Marking this as closed/fixed.