Changing the password without prior verification of the old password #204

Open
DragomirStefanaCatalina opened this issue Mar 31, 2020 · 1 comment

@DragomirStefanaCatalina

Starting point: http://dev.rohelp.ro/en/admin/auth/user/6/change/

Expected:
Change your password after prior verification of the old password

Actual:
The user is permitted to change the password without prior verification of the old password by typing the old password

Steps performed/Reproduction:

  1. Log in
  2. Go to Authentication & Authorization Menu
  3. Select the Users submenu
  4. Click on your user
  5. Simply click on "this form"
    [Screenshot 2020-03-31 at 19 08 18]
  6. Type in the new password twice for both fields
    [Screenshot 2020-03-31 at 19 06 53]
  7. Click on "Change password"
  8. Password changed successfully
    [Screenshot 2020-03-31 at 19 17 24]

@cristina0botez

This is actually expected behaviour. This form is useful in the situations when the user forgot the password and it needs to be reset by an admin. I don't think it's worth customising the form for the current user, especially because there is a "Change Password" shortcut in the quick-nav bar
