Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-59298

Confusing email if users who previously logged in using OAuth 2 auth request a new password

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Log in as admin
      2. Set-up MailCatcher (https://mailcatcher.me) or MailHog (https://github.com/mailhog/MailHog) or similar.
      3. Enable oauth2 authentication plugin
      4. Create 2 user accounts (user1 & user2) with authentication method set to email for user1, and oauth2 for user2. Keep note of the users' username and email.
      5. Log out
      6. Go to the forgot password page
      7. Enter username or email of the user1
      8. Verify that the email that is sent to user1 contains a link to reset the password
      9. Go to the forgot password page again
      10. Enter username or email of the user2
      11. Verify that the email that is sent to user2 says that their password cannot be reset because they are using their account on another site to log in
      Show
      Log in as admin Set-up MailCatcher ( https://mailcatcher.me ) or MailHog ( https://github.com/mailhog/MailHog)  or similar. Enable oauth2 authentication plugin Create 2 user accounts (user1 & user2) with authentication method set to email for user1, and oauth2 for user2. Keep note of the users' username and email. Log out Go to the forgot password page Enter username or email of the user1 Verify that the email that is sent to user1 contains a link to reset the password Go to the forgot password page again Enter username or email of the user2 Verify that the email that is sent to user2 says that their password cannot be reset because they are using their account on another site to log in
    • Affected Branches:
      MOODLE_33_STABLE
    • Fixed Branches:
      MOODLE_37_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-59298-master

      Description

      Since enabling OAuth 2 authentication on moodle.org and learn.moodle.net, our support email has received a number of messages from users who previously logged in using OAuth 2 auth wanting a new password. Obviously they can't reset their password via Moodle, but if they try, they receive an email containing the text emailpasswordchangeinfofail | core

      Hi {$a->firstname},

      Someone (probably you) has requested a new password for your account on '{$a->sitename}'.

      Unfortunately passwords cannot be reset on this site. Please contact the site administrator {$a->admin}.

      This is confusing, because passwords CAN be reset on the site, just not for users who previously logged in using OAuth 2 auth.

      I suggest we create a new language string with wording as follows (or similar):

      Hi {$a->firstname},

      Someone (probably you) has requested a new password for your account on '{$a->sitename}'.

      It is not possible to reset your password if you previously logged in using your account on another site. Please log in as before, using the link on the login page.

      {$a->admin}

      (with maybe a link to the login page).

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rezaie9 Shamim Rezaie
              Reporter:
              tsala Helen Foster
              Peer reviewer:
              David Mudrák (@mudrd8mz)
              Integrator:
              Eloy Lafuente (stronk7)
              Tester:
              Anna Carissa Sadia
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                20/May/19

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 1 hour, 35 minutes
                  1d 1h 35m