Hi all,
We have a problem changing the temporarily password assigned by
Extension:ConfirmAccount<https://www.mediawiki.org/wiki/Extension:Confir…nt>.
Because I suspect it's a more general problem so I'll post it here.
The problem is that the password apparently isn't changed after submitting a new one.
Use case:
- After creation of the account (or resetting it via 'Forgot password') and
logging in with the given temporarily password I get the message "You logged in with
a temporary emailed code. To finish logging in, you must set a new password here".
- I change the password (submitting 2 times a new value)
- I get no error message and I'm being redirected (so successful login) to the
homepage.
- BUT: if I log off and try to login again I've to use the old/temporarily password,
the new one is not accepted
- If I repeat this (login in with the old password, enter a new one) and go directly to
the Speciaal:ChangeCredentials page and change the password, log off and log in again, it
works fine.
In the meantime we have applied a (temporary) patch in the mediawiki-code to avoid the
step for changing the temporary password.
in File:
/home/hz01/mediawiki/core/includes/auth/TemporaryPasswordPrimaryAuthenticationProvider.php
the following is changed:
protected function getPasswordResetData( $username, $data ) {
// Do not reset password (workaround!)
return [];
/* return (object)[
'msg' => wfMessage( 'resetpass-temp-emailed'
),
'hard' => false,//true,
];*/
}
This means that the user is still obliged to change his/her password after they receive
the email.
Of course this is not optimal, and we would like to know:
a. if there is another (official) way to step over the forced changing of the temporary
password
b. (Better!) is there a way to store the newly entered password?
It's a black box to me. Where do I have to look for an error message?
Thanks in advance for your help.
Met vriendelijke groet,
Kind regards,
Marlon