Ticket #20186 (new Bug)

Opened 16 months ago

Password reset inconsistency

Reported by: puittenbroek
Owned by:
Priority: minor
Milestone: 4.x
Component: General
Version: 4.3
Keywords:
Cc:

Description

Problem

Password mailing can be triggered in two ways:

  • By user (mail_password_form)
  • By admin (User & groups control panel)

In both cases, the email sent is the same (except for the URL hash) and ends with the sentence:
"If you didn't expect to receive this email, please ignore it. Your password has not been changed."

This isn't true when done by an admin: the code in usergroups.py actually generates a 56-character password and sets this for the user. See code here: https://github.com/plone/plone.app.controlpanel/blob/master/plone/app/controlpanel/usergroups.py

Lines: 337 and 353

Possible solutions

  • Use a different text when password reset is triggered by admin
  • Do not change the password when triggered by admin
  • Alternatively, make it optional via a setting whether the User & groups password reset should set the password or not.

For the latter, the e-mail text should change depending on the option.
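
The last proposal, sketched as an added example that is not code from plone.app.controlpanel or from the reporter: the closing sentence of the mail is chosen from what actually happened to the stored credential, so it stays correct whichever way the option is set. The names `request_reset`, `admin_reset_sets_password`, the `User` model, the `CHANGED` wording and the URL are all hypothetical.

```python
import hashlib
import secrets
import string
from dataclasses import dataclass

UNCHANGED = ("If you didn't expect to receive this email, please ignore it. "
             "Your password has not been changed.")
# Hypothetical wording for the case where the old password was replaced.
CHANGED = ("An administrator reset your password. Your old password no longer "
           "works; follow the link above to set a new one.")


def store(password: str) -> bytes:
    """Salted PBKDF2 record, standing in for the site's real password storage."""
    salt = secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    login: str
    credential: bytes


def random_password(length: int = 56) -> str:
    """Random throwaway password of the length mentioned in the ticket."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def request_reset(user: User, triggered_by: str,
                  admin_reset_sets_password: bool = True) -> str:
    """Build the reset mail body for a reset triggered by 'user' or 'admin'."""
    if triggered_by not in ("user", "admin"):
        raise ValueError("triggered_by must be 'user' or 'admin'")
    before = user.credential
    if triggered_by == "admin" and admin_reset_sets_password:
        user.credential = store(random_password())
    # Pick the closing sentence from the observed state change, not from
    # which form was used, so the mail cannot contradict what was done.
    closing = CHANGED if user.credential != before else UNCHANGED
    token = secrets.token_urlsafe(16)
    link = f"https://site.example/passwordreset/{token}"  # constructed URL
    return f"Reset your password here: {link}\n\n{closing}"
```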
