Password reset process v3.1


#1

Some of our users have been confused by the password reset system though every time I test it, it works.

One anomaly is that upon logging in again and responding to a request to change the password, once it is submitted the following message appears: “The current role does not have access to this operation.”

In fact, despite this message, the user’s preferred password has been accepted. Why does this message appear and can it be suppressed?


#2

I need to add to this query. What users have complained of is going constantly in a circle of password resets. Having tested it, I believe that somebody entering an invalid username in the login box will not have it validated. So if, using the password reset system, he or she provides the correct email address, then the password reset process will continue, and next time a login attempt is made the wrong username will be entered again and the login will fail.

It appears that there should be username validation in the password reset process.