diff --git a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
index 00295d5..a20b921 100644
--- a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
+++ b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
@@ -72,7 +72,7 @@ public static function valueCallback(&$element, $input, FormStateInterface $form
public static function processPasswordConfirm(&$element, FormStateInterface $form_state, &$complete_form) {
$element['pass1'] = array(
'#type' => 'password',
- '#title' => t('Password'),
+ '#title' => !empty($element['#title1']) ? $element['#title1'] : t('New password'),
'#value' => empty($element['#value']) ? NULL : $element['#value']['pass1'],
'#required' => $element['#required'],
'#attributes' => array('class' => array('password-field', 'js-password-field')),
@@ -80,11 +80,16 @@ public static function processPasswordConfirm(&$element, FormStateInterface $for
);
$element['pass2'] = array(
'#type' => 'password',
- '#title' => t('Confirm password'),
+ '#title' => !empty($element['#title2']) ? $element['#title2'] : t('Confirm password'),
'#value' => empty($element['#value']) ? NULL : $element['#value']['pass2'],
'#required' => $element['#required'],
- '#attributes' => array('class' => array('password-confirm', 'js-password-confirm')),
'#error_no_message' => TRUE,
+ '#attributes' => array('class' => array('password-confirm', 'js-password-confirm')),
+ '#states' => array(
+ 'visible' => array(
+ ':input[name="pass[pass1]"]' => array('filled' => TRUE),
+ ),
+ ),
);
$element['#element_validate'] = array(array(get_called_class(), 'validatePasswordConfirm'));
$element['#tree'] = TRUE;
diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index af7bae0..729775d 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -14,6 +14,7 @@
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Language\LanguageInterface;
use Drupal\Core\Language\LanguageManagerInterface;
+use Drupal\Core\Url;
use Drupal\language\ConfigurableLanguageManagerInterface;
use Drupal\user\Plugin\LanguageNegotiation\LanguageNegotiationUser;
use Drupal\user\Plugin\LanguageNegotiation\LanguageNegotiationUserAdmin;
@@ -119,8 +120,10 @@ public function form(array $form, FormStateInterface $form_state) {
if (!$register) {
$form['account']['pass'] = array(
'#type' => 'password_confirm',
+ '#prefix' => '
' . $this->t('Change password') . '
',
+ '#title2' => $this->t('Confirm new password'),
'#size' => 25,
- '#description' => $this->t('To change the current user password, enter the new password in both fields.'),
+ '#description' => $this->t('To change the current user password, enter the new password.'),
);
// To skip the current password field, the user must have logged in via a
@@ -131,18 +134,45 @@ public function form(array $form, FormStateInterface $form_state) {
$form_state->set('user_pass_reset', $user_pass_reset);
}
+ $protected_values = array();
+ $current_pass_description = '';
+
+ // The user may only change their own password without their current
+ // password if they logged in via a one-time login link.
+ if (!$form_state->get('user_pass_reset')) {
+ $protected_values['mail'] = $form['account']['mail']['#title'];
+ $protected_values['pass'] = $this->t('New password');
+ $request_new = $this->l($this->t('Reset your password'), new Url('user.pass',
+ array(), array('attributes' => array('title' => $this->t('Send password reset instructions via e-mail.'))))
+ );
+ $current_pass_description = $this->t('Confirm your current password to change the %mail or %pass above. !request_new.',
+ array(
+ '%mail' => $protected_values['mail'],
+ '%pass' => $protected_values['pass'],
+ '!request_new' => $request_new,
+ )
+ );
+ }
+
// The user must enter their current password to change to a new one.
if ($user->id() == $account->id()) {
$form['account']['current_pass'] = array(
'#type' => 'password',
'#title' => $this->t('Current password'),
'#size' => 25,
- '#access' => !$form_state->get('user_pass_reset'),
- '#weight' => -5,
+ '#access' => !empty($protected_values),
+ '#description' => $current_pass_description,
// Do not let web browsers remember this password, since we are
// trying to confirm that the person submitting the form actually
// knows the current one.
'#attributes' => array('autocomplete' => 'off'),
+ '#states' => array(
+ // Only show this field when mail or new password has changed.
+ 'visible' => array(
+ array(':input[name="mail"]' => array('!value' => $account->getEmail())),
+ array(':input[name="pass[pass1]"]' => array('filled' => TRUE)),
+ ),
+ ),
);
$form_state->set('user', $account);
diff --git a/core/modules/user/src/Tests/UserEditTest.php b/core/modules/user/src/Tests/UserEditTest.php
index 07daeca..18cc860 100644
--- a/core/modules/user/src/Tests/UserEditTest.php
+++ b/core/modules/user/src/Tests/UserEditTest.php
@@ -47,7 +47,7 @@ function testUserEdit() {
$edit = array();
$edit['mail'] = $this->randomMachineName() . '@new.example.com';
$this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save'));
- $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('Email'))));
+ $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => 'Email')));
$edit['current_pass'] = $user1->pass_raw;
$this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save'));
@@ -58,7 +58,7 @@ function testUserEdit() {
$edit['pass[pass1]'] = $new_pass = $this->randomMachineName();
$edit['pass[pass2]'] = $new_pass;
$this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save'));
- $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('Password'))));
+ $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => 'Password')));
// Try again with the current password.
$edit['current_pass'] = $user1->pass_raw;
diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php
index 420b97a..d62f35a 100644
--- a/core/modules/user/src/Tests/UserPasswordResetTest.php
+++ b/core/modules/user/src/Tests/UserPasswordResetTest.php
@@ -125,7 +125,7 @@ function testUserPasswordReset() {
// Verify that the password reset session has been destroyed.
$this->drupalPostForm(NULL, $edit, t('Save'));
- $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.');
+ $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => 'Password')), 'Password needed to make profile changes.');
// Log out, and try to log in again using the same one-time link.
$this->drupalLogout();