Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
In the function logintoboggan_form_user_pass_reset_alter(), we use the following code to display a message on password reset:
_logintoboggan_process_validation($account);
drupal_set_message(t('You have successfully validated your e-mail address.'));
_logintoboggan_process_validation() properly checks that the non-authenticated role is not "authenticated user" before doing any processing. The message though, is outside of this logic and will always be dispalyed, even if I'm not making use of an unauthenticated role.
I think the message should either be wrapped in a similar check, or moved inside _logintoboggan_process_validation().
Comment | File | Size | Author |
---|---|---|---|
#3 | logintoboggan-cleanup_form_user_pass_reset_alter-2144901-3-7.x-1.x-dev.patch | 1.97 KB | GuyPaddock |
#1 | logintoboggan-validated-email-message-2144901-1.patch | 722 bytes | EAnushan |
Comments
Comment #1
EAnushan CreditAttribution: EAnushan commentedAttached patch.
Comment #2
GuyPaddock CreditAttribution: GuyPaddock at RedBottle Design, LLC for House at Work commentedThe reason why the message should be displayed regardless is because the user is still confirming their e-mail address by clicking the link, regardless of whether or not the site is using the pre-auth role.
You want to tell the user that they have successfully confirmed their email address.
If I am wrong about that, then you are indeed correct that the same check should be applied here. But, if I am correct, then the message should be pulled out of being wrapped by the conditional for pre-auth entirely.
On a related note, though, the way that the pre-auth is handled actually causes the success message to appear on multiple pages when LoginToboggan is used in conjunction with the Password Reset Landing Page (PRLP) module.
Comment #3
GuyPaddock CreditAttribution: GuyPaddock at RedBottle Design, LLC for House at Work commentedI think I see what the OP was talking about -- the user always gets the message, even when resetting their password, no?
In any event, the attached patch reworks a lot of the logic in
logintoboggan_form_user_pass_reset_alter()
, as follows:Comment #4
MrPeanut CreditAttribution: MrPeanut commented@GuyPaddock — Your patch didn't apply anymore, but I applied it manually. It fixed my issue with PRLP which I was having (like you mentioned in #2). I could then manually add info to the PRLP page. Thank you!
Comment #5
lukedekker CreditAttribution: lukedekker commentedPatch from #3 applies cleanly against 7.x-1.5.
Definitely a better way of doing things and makes a lot more sense for it to work this way.
Comment #7
stevecowie CreditAttribution: stevecowie as a volunteer commentedThis is now pushed to dev. Sorry it's taken so long.
Comment #8
stevecowie CreditAttribution: stevecowie as a volunteer commented