Steps to reproduce:
- Log off if necessary
- Request a new password
- Log back in with the old password [a]
- On receiving the password reset email, click on that link to log on [b]
- You are taken to the home page of the site, with a message "You are logged in as USERNAME. [LINK]Change your password[/LINK].
- Following the link takes you to the user edit form, which requires the current password if you enter a new one
Note that this requires 2 steps which don't seem terribly logical on the part of the user:
[a] Why would you request a new password, and then log in?
[b] Having logged in again, why would you click the link in the email?
Possible explanations include:
* the user was on the wrong machine or the wrong browser, and then remembered to switch to something that has their password stored.
* the user simply remembered it after requesting the reset
* the user is currently logged in, but is aware that they have forgotten their password, and wishes to reset it, and therefore goes to the site in a 2nd browser to get a password reset email sent to them, because that's the only way they know to reset their password without knowing the existing one.
|PASSED: [[SimpleTest]]: [PHP 5.4 MySQL] 65,233 pass(es). |
[ View ]