There are two options for the "Blocking expired accounts" setting:

  • '0' => Expired accounts are blocked. Only administrators can unblock them
  • '1' => The user with expired account is not blocked, but sent to a change password page. If the password is not changed, the account is blocked and the user cannot login again.

Looking at the code, I suspect the latter (bolded) part of the second statement is not true. An account's status is only set to 0 in two places:

  1. in hook_user(op=login), but only where (variable_get('password_policy_block', 0) == 0)
  2. in hook_cron(), but only where (variable_get('password_policy_block', 0) == 0)

So if the second "Blocking expired accounts" option is selected ('1'), the account will *not* be blocked. Is this a functionality bug, or an interface/documentation bug?

FWIW, I prefer the way this option appears to behave today, where it does not block the user, but forces him to enter a new password to utilize the site.

Thanks!

Comments

erikwebb’s picture

You're right. The help text is incorrect. I think the current behavior is correct. Can you provide a patch to fix the help text?

erikwebb’s picture

Issue summary: View changes

grammar

aohrvetpv’s picture

Version: 6.x-1.x-dev » 7.x-1.x-dev
Issue summary: View changes
Status: Active » Needs review
Attached file: status new, size 1.01 KB

This text should be correct. Please review. The labels for the two options have a redundant sentence but I think it is perhaps important to convey that the user will be forced to change their password in both cases.

ryan_courtnage’s picture

Status: Needs review » Reviewed & tested by the community

Looks good.

aohrvetpv’s picture

Status: Reviewed & tested by the community » Needs review
Attached file: status new, size 2.64 KB

README.txt also had the error. Corrected the password expiration section there, and reformatted lines to <= 80 characters per https://drupal.org/node/447604. Please review.

deekayen’s picture

Status: Needs review » Fixed

deekayen’s picture

Version: 7.x-1.x-dev » 7.x-2.x-dev
Status: Fixed » Patch (to be ported)

aohrvetpv’s picture

Version: 7.x-2.x-dev » 6.x-1.x-dev

Thanks for the commit. Just confirmed this bug does not exist in 7.x-2.x, because it does not have an option to block users whose passwords have expired. It also does not (yet) have a README.txt.

6.x-1.x still has this bug, though.

  • Commit d990e3f on 6.x-1.x by AohRveTPV:
    Issue #2093437 by AohRveTPV, ryan_courtnage: Fixed Should (...

aohrvetpv’s picture

Status: Patch (to be ported) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.