Ticket #20186 (new Bug)
Opened 16 months ago
Password reset inconsistency
| Reported by: | puittenbroek | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | 4.x |
| Component: | General | Version: | 4.3 |
| Keywords: | | Cc: | |
Description
Problem
Password mailing can be triggered in two ways:
- By user (mail_password_form)
- By admin (User & groups control panel)
In both cases, the email sent is the same (except for the URL hash) and ends with the sentence:
"If you didn't expect to receive this email, please ignore it. Your password has not been changed."
This isn't true when done by an admin; the code in usergroups.py actually generates a 56-character password and sets this for the user.
See code here:
https://github.com/plone/plone.app.controlpanel/blob/master/plone/app/controlpanel/usergroups.py
Lines: 337 and 353
Possible solutions
- Use a different text when password reset is triggered by admin
- Do not change the password when triggered by admin
- Alternatively, make it optional via a setting whether the User & groups password reset should set the password or not.
For the latter, the e-mail text should change depending on the option.