-
Bug
-
Resolution: Fixed
-
Minor
-
3.6.6, 3.7, 3.8
-
MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
-
MOODLE_36_STABLE, MOODLE_37_STABLE
-
MDL-66984-change_password_url-with-user -
The auth api explicitly says that change_password_url() can use the $USER global:
https://github.com/moodle/moodle/blob/master/lib/authlib.php#L155
But this contract is broken when it uses this in the forgot password process when they are not currently logged in:
https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L6526
We have some custom auth plugins where you can get a nicer user experience by deep linking to the users profile page or password change url for that user, it's not a generic url (or the generic url requires an extra couple clicks to get where you want to go)
- has been marked as being related by
-
MDL-66581 Password reset email doesn't fill in $a->link when auth_method is LDAP
- Closed
-
MDL-59298 Confusing email if users who previously logged in using OAuth 2 auth request a new password
- Closed
- will help resolve
-
MDL-67134 change_password_url() is used for change password for logged-in and not logged-in users
- Open