Password update doesn't store new password history

Hello! This module is excellent - thank you for all your work!

I've implemented password policy and it seems that it doesn't update the password_policy_history table with the user's latest password hash & creation time when they UPDATE their password.... only when the create their password the first time.

Is this the intended functionality? Had anyone else experienced this?

I had to make the following changes to get this to update as expected when a user changes/updates their password. Or am i missing something/doing something wrong? Any help would be greatly appreciated!

in password_policy_password_tab.pages.inc
in function password_policy_password_tab_submit($form, &$form_state)
changed:

  user_save($account, array('pass' => $form_state['values']['pass']));

to:

  user_save($account, array('pass' => $form_state['values']['pass']));

		if(!empty($form_state['values']['_account']->pass)){ 
           _password_policy_store_hash($account->uid, $form_state['values']['_account']->pass); 
		} 

in password_policy.module
in function password_policy_user($op, &$edit, &$account, $category = NULL)
changed:

    case 'update':
      if ($account->force_password_change && isset($account->pass) && $user->uid == $account->uid) {
        db_query('UPDATE {password_policy_force_change} SET force_change = 0 WHERE uid = %d', $account->uid);
      }
      elseif (!empty($edit['force_password_change'])) {
        db_query('UPDATE {password_policy_force_change} SET force_change = 1 WHERE uid = %d', $account->uid);
        if ($user->uid != $account->uid) {
          drupal_set_message(t('@user will be required to change their password the next time they log in.', array('@user' => $account->name)));
        }
        watchdog('password policy', '@user flagged to change password on next login by @admin', array('@user' => $account->name, '@admin' => $user->name), WATCHDOG_NOTICE);
      }

      if (isset($edit['status']) && $edit['status'] != $account->status && $edit['status'] == 1) {
        // Account is being unblocked.
        db_query('UPDATE {password_policy_expiration} SET unblocked = %d WHERE uid = %d', time(), $account->uid);
      }
	  
      break;

to:

    case 'update':
      if ($account->force_password_change && isset($account->pass) && $user->uid == $account->uid) {
        db_query('UPDATE {password_policy_force_change} SET force_change = 0 WHERE uid = %d', $account->uid);
      }
      elseif (!empty($edit['force_password_change'])) {
        db_query('UPDATE {password_policy_force_change} SET force_change = 1 WHERE uid = %d', $account->uid);
        if ($user->uid != $account->uid) {
          drupal_set_message(t('@user will be required to change their password the next time they log in.', array('@user' => $account->name)));
        }
        watchdog('password policy', '@user flagged to change password on next login by @admin', array('@user' => $account->name, '@admin' => $user->name), WATCHDOG_NOTICE);
      }

      if (isset($edit['status']) && $edit['status'] != $account->status && $edit['status'] == 1) {
        // Account is being unblocked.
        db_query('UPDATE {password_policy_expiration} SET unblocked = %d WHERE uid = %d', time(), $account->uid);
      }

		if(!empty($edit['mail'])){
          _password_policy_store_hash($account->uid, $account->pass);
		} 
	  
      break;

Without the above, the users password expiration essentially wouldn't update if they updated their password and they'd still get (incorrect) notices.

PS - Recently i patched password policy module for phpass module integration http://drupal.org/node/598424 ... not sure if that affected this. But the above fixes i mention won't work verbatim for you if you don't have that patch.