Loading...

XML

Word

Printable

Type: Improvement
Resolution: Fixed
Priority: Major
Fix Version/s: 2.6, DEV backlog
Affects Version/s: 1.9.9, 2.5
Component/s: Authentication
Labels:
- CatalystIT
- Partner
- triaged
- ui_change

Affected Branches:
MOODLE_19_STABLE, MOODLE_25_STABLE
Fixed Branches:
MOODLE_26_STABLE
Pull from Repository:
https://github.com/peterbulmer/moodle/
Pull Main Branch:
passwordreset-2013-10-07-1031Z
Pull Main Diff URL:
https://github.com/peterbulmer/moodle/compare/passwordreset-2013-10-07-1031Z
Testing Instructions:
Hide

1. Apply this patch, hit notifications to trigger db upgrade
2. Go to login page, click the forgot password link
3. Supply valid username
4. Check email inbox for that user & click link in email from moodle
5. Enter new password (twice)
6. Check that you are now logged in, and can logout & log back in with your new password.

You can re-run this procedure with permutations of

protect usernames on/off

new install of moodle with this code, vs upgrade.

supplying username, or email address at forgot password screen

supplying correct details multiple times (should get max 2 emails)

supplying invalid user details
Although obviously the number of trials skyrockets pretty quickly.
Show
1. Apply this patch, hit notifications to trigger db upgrade 2. Go to login page, click the forgot password link 3. Supply valid username 4. Check email inbox for that user & click link in email from moodle 5. Enter new password (twice) 6. Check that you are now logged in, and can logout & log back in with your new password. You can re-run this procedure with permutations of protect usernames on/off new install of moodle with this code, vs upgrade. supplying username, or email address at forgot password screen supplying correct details multiple times (should get max 2 emails) supplying invalid user details Although obviously the number of trials skyrockets pretty quickly.

As the administrator for a 1.98 site, I have many users who say that the current forgotten password reset procedure is complicated. Would it be possible to have a system as follows:

1. On the Forgotten password page, user types in username or email address.
2. Email is sent to person. If they confirm that they want to change their password, they click on the provided link.
3. They are taken to a change password page where they would need to enter a password conforming to the standards set up by the security settings.

So instead of Moodle auto-generating a temporary password and emailing it to the person, the person can directly choose a new password.

has been marked as being related by

MDL-46666 Email-based self-registration not always working

Closed

MDL-71176 New password and change forms should have autocomplete="new-password"

Closed

will help resolve

MDL-37866 improve usability of randomly generated passwords (ie. in cron for new accounts)

Closed

Assignee:: Peter Bulmer

Reporter:: Michael Buchanan

Peer reviewer:: Frédéric Massart

Integrator:: Damyon Wiese

Tester:: Adrian Greeve

Participants:: Adrian Greeve, Beatriz Beltran, Bernd Albers, CiBoT, Damyon Wiese, Dan Marsden, David Bedelis, Eloy Lafuente (stronk7), Frédéric Massart, Helen Foster, Martin Dougiamas, Michael Buchanan, Niall Julian, Peter Bulmer, Petr Skoda, Sam Hemelryk

Votes:: 11 Vote for this issue

Watchers:: 20 Start watching this issue

Created:: 07/Aug/10 5:28 AM

Updated:: 23/Mar/21 6:42 AM

Resolved:: 11/Oct/13 10:11 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Clockify