Some of our users have been confused by the password reset system though every time I test it, it works.
One anomaly is that upon logging in again and responding to a request to change the password, once it is submitted the following message appears: “The current role does not have access to this operation.”
In fact depite this message the user’s preferred password has been accepted. Why does this message appear and can it be suppressed?
I need to add to this query. What users have complained of is going constantly in a circle of password resets. Having tested it I believe that somebody entering an invalid username in the login box will not have it validated. So if using the password reset system he or she provides the correct email address then the password reset process will continue and next time a login attempt is made the wrong username will be entered again and the login fail.
It appears that there should be username validation in the password reset process.
I would appreciate any comments on this as it is a problem which causes users a great deal of frustration when it occurs.
Have you been able to recreate the kind of circular password reset process that you describe? I haven’t been able to in local testing.
We do sometimes hear about users getting lost in the reset process, but that’s generally because they get impatient waiting for the password reset email to come in and request a second message. Then the first one comes through, but it’s no longer valid because of the second reset.
Public Knowledge Project Team
Having been through the process again I do accept that in order to experience this fault the user will have to have ignored the second email in which the correct username is stated. If they do that people will simply go round in a circle. However, I can see that username validation would still result in an email system to correct it so not a big step forward. We have a relatively elderly user base so this sort of error is not that rare for us.