Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59298

Confusing email if users who previously logged in using OAuth 2 auth request a new password

XMLWordPrintable

    • MOODLE_33_STABLE
    • MOODLE_37_STABLE
    • MDL-59298-master
    • Hide
      1. Log in as admin
      2. Set-up MailCatcher (https://mailcatcher.me) or MailHog (https://github.com/mailhog/MailHog) or similar.
      3. Enable oauth2 authentication plugin
      4. Create 2 user accounts (user1 & user2) with authentication method set to email for user1, and oauth2 for user2. Keep note of the users' username and email.
      5. Log out
      6. Go to the forgot password page
      7. Enter username or email of the user1
      8. Verify that the email that is sent to user1 contains a link to reset the password
      9. Go to the forgot password page again
      10. Enter username or email of the user2
      11. Verify that the email that is sent to user2 says that their password cannot be reset because they are using their account on another site to log in
      Show
      Log in as admin Set-up MailCatcher ( https://mailcatcher.me ) or MailHog ( https://github.com/mailhog/MailHog)  or similar. Enable oauth2 authentication plugin Create 2 user accounts (user1 & user2) with authentication method set to email for user1, and oauth2 for user2. Keep note of the users' username and email. Log out Go to the forgot password page Enter username or email of the user1 Verify that the email that is sent to user1 contains a link to reset the password Go to the forgot password page again Enter username or email of the user2 Verify that the email that is sent to user2 says that their password cannot be reset because they are using their account on another site to log in

      Since enabling OAuth 2 authentication on moodle.org and learn.moodle.net, our support email has received a number of messages from users who previously logged in using OAuth 2 auth wanting a new password. Obviously they can't reset their password via Moodle, but if they try, they receive an email containing the text emailpasswordchangeinfofail | core

      Hi {$a->firstname},

      Someone (probably you) has requested a new password for your account on '{$a->sitename}'.

      Unfortunately passwords cannot be reset on this site. Please contact the site administrator {$a->admin}.

      This is confusing, because passwords CAN be reset on the site, just not for users who previously logged in using OAuth 2 auth.

      I suggest we create a new language string with wording as follows (or similar):

      Hi {$a->firstname},

      Someone (probably you) has requested a new password for your account on '{$a->sitename}'.

      It is not possible to reset your password if you previously logged in using your account on another site. Please log in as before, using the link on the login page.

      {$a->admin}

      (with maybe a link to the login page).

            rezaie9 Shamim Rezaie
            tsala Helen Foster
            David Mudrák (@mudrd8mz) David Mudrák (@mudrd8mz)
            Eloy Lafuente (stronk7) Eloy Lafuente (stronk7)
            Anna Carissa Sadia Anna Carissa Sadia
            Votes:
            3 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 1 hour, 35 minutes
                1d 1h 35m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.