We recently upgraded to hostmaster 6.x-1.11 but we got some problems with one time logins. The task runs succesfull but the login link is not shown to the user. (admin user works fine, others don't).
According to the latest commits the security fix for one time logins breaks the right behavior.
The user_access check chould check for "create login_reset task" rather than "create login-reset task"

Comments

valkum’s picture

Project: Hosting Profile Roles » Hosting
Version: 6.x-1.x-dev » 7.x-3.x-dev
Parent issue: » #1220062: Possible security risk with "login reset" task

moved to hosting issue queue. Why the hell is the issue related to the commit in hosting_profile_roles queue?

valkum’s picture

Version: 7.x-3.x-dev » 6.x-2.x-dev
ergonlogic’s picture

Status: Needs work » Closed (outdated)

The 6.x-2.x branch will go EOL along with Drupal this week. So I'm closing this issue. If it remains a confirmed issue in 7.x-3.x, feel free to re-open, or better yet, create a new issue referencing this one.