Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
This has been true at least since D7...
On the user/password page, the button say s "E-mail new password".
In D7 it's in user.pages.inc user_pass(). In D8 it is in core/modules/user/lib/Drupal/user/Form/UserPasswordForm.php
Either way, it's wrong. What you are actually getting by email is not a new password, but a link that allows you to log in.
Suggested text for button:
Request password reset
Comment | File | Size | Author |
---|---|---|---|
#38 | Selection_021.png | 14.09 KB | rpayanm |
#38 | Selection_020a.png | 20.58 KB | rpayanm |
#38 | Selection_020.png | 20.88 KB | rpayanm |
#37 | Selection_017.png | 15.23 KB | rpayanm |
#37 | Selection_016.png | 12.92 KB | rpayanm |
Comments
Comment #1
jmarkel CreditAttribution: jmarkel commentedUpdated the button text as well as the tests that depend on that text - SiteMaintenanceTest and UserPasswordResetTest.
Comment #2
jmarkel CreditAttribution: jmarkel commentedComment #3
jmarkel CreditAttribution: jmarkel commentedAdded a patch for D7 as well.
Comment #4
jhodgdonThanks for the quick patch! +1000 from me!
I am going to be bold and mark it RTBC.
Comment #5
Xano1: D8core-user-password-reset-2131849-1.patch queued for re-testing.
Comment #6
webchickFixing tag to clue in the UX team on this issue. It may seem pedantic, but since this is a very user-facing string, it's probably good to spend a bit of time (not too much) to get it right.
And, hm. While the new text is certainly more accurate, searching Google for "Request password reset" (quoted) only returns 347,000 results. This implies this is not really standard terminology used by others.
What if we just named the button something really super boring like "Submit"? The page title is "Request new password" which already tells you what you are doing here.
I'm not that fussed either way, so if there are no better ideas within a week or so, we can go with this.
Comment #7
Bojhan CreditAttribution: Bojhan commentedI am not sure about this change.
1) It seems like an uncommon label it focuses on the very technical "request" rather than the action of getting a new password.
2) It doesn't specify the medium. Clicking this button could result in anything, nothing indicates that I will get an e-mail.
I think both, will result in a decrease in usability - even though we are more accurate.
Comment #8
jhodgdonOK. But the current button is just plain wrong. You are not getting a new password by email -- to me, that text is very scary -- I wouldn't want a site to email me my password, for security reasons.
But I agree that you are also not resetting your password.
What you are getting emailed is a link that will let you log in.
What would you suggest? Maybe "E-mail one-time login link"?
Comment #9
jmarkel CreditAttribution: jmarkel commentedI'm happy to re-roll the patches with new button text - I'm not a UX person and don't have a strong feeling about this beyond that jhodgdon's point is correct - the text should somehow elucidate what's really going to happen...
Comment #10
Bojhan CreditAttribution: Bojhan commentedI am just wondering, this is on a page right? Maybe we shouldn't be just relabeling the button but making the page more clearer?
Comment #11
jhodgdonI came to the same conclusion thinking about this... So let's make sure the page explains what will happen, and change the button text to something generic like "submit"?
Comment #12
jhodgdonComment #13
jmarkel CreditAttribution: jmarkel commentedI'll get on new patch(es) this evening - if anyone's in a rush, feel free to preempt me :-)
Comment #14
jhodgdonGreat, thanks!
When you post a new patch, Before and After screen shots of the page would be very helpful for usability review.
Comment #15
Bojhan CreditAttribution: Bojhan commented@jhodgdon Agreed :)
Comment #16
jmarkel CreditAttribution: jmarkel commentedHere's a re-rolled D8 patch, with before and after screenshots. The password reset page now includes some explanatory text and the button simply says "Submit."
Comment #17
Shyamala CreditAttribution: Shyamala at UniMity Solutions Pvt Limited commentedWorks perfectly, attached before & after screen shots.
Comment #18
jhodgdonThis is *much* better. However:
- The tab title still says "request new password". Probably it would be more accurate, and much more like everywhere else on the web, if it said something like "Forgot your password?". If we don't want a question there, maybe "Reset your password" would work, which would at least be consistent with the new text.
- I think it should say "user name" not "username".
Comment #19
jmarkel CreditAttribution: jmarkel commentedI'm down with those changes for the most part, but not with changing 'username' to 'user name.' I get your point but it would be inconsistent with pretty much every other usage in the system. There are 800-odd uses of 'username' and only 63 of 'user name' and the latter is primarily used in comments rather than in UI text.
Comment #20
jmarkel CreditAttribution: jmarkel commentedI changed the text to 'Reset your password' rather than the more casual 'Forgot your password?' I've no objection to the latter, it just seemed out of character for the system as a whole. If consensus is for 'Forgot your password?' I'm cool with it.
Anyway, here's a new patch, with "after" screenshots for the three use cases that were changed - 1) Anon password reset request from /user, 2) Password reset request from login block, and 3) Authenticated user password reset request from /user
Comment #21
jmarkel CreditAttribution: jmarkel commentedComment #22
jhodgdonThanks for the research and the new patch! This all looks good to me. I was a bit confused though... in the "after-logged-in" screen shot, there is still a "log in" tab visible??? That has nothing to do with this issue though...
Anyway, I'm +1 on accepting this patch. I looked over the patch and the screen shots, and I think it is all consistent and it definitely makes more sense than it did before.
Comment #23
jmarkel CreditAttribution: jmarkel commentedYeah - There's something going on with the routes for the local tasks, and code that seems to think that /user/password will only be called for anon users ... clearly not a correct assumption :-). But it's also not really related to this specific issue, so I'm thinking maybe this should be RTBC'ed if possible and we can move on to that after. My 2 cents, anyway.
Comment #24
jhodgdonWell, we need someone else to mark it RTBC. Last time I did so, it was overruled by the Usability team.
Comment #25
jhedstromPatch no longer applies.
Comment #26
rpayanmComment #28
jhodgdonLooks like there's still a test depending on the old text being there.
Comment #29
rpayanmComment #30
jhodgdonSo. It looks like this patch still says "Request new password" in at least one place. ?!?
Let's fix that, and then some before/after screen shots of all pages that change would be helpful.
Comment #31
rpayanmumm my mistake...
Comment #32
rpayanmproblems with the testbot.
Comment #34
rpayanmComment #36
jhodgdonOK, the patch looks better now, thanks!
So, this issue could use:
a) before/after screen shots of affected pages
b) beta evaluation added to the issue summary, see https://www.drupal.org/contribute/core/beta-changes
Comment #37
rpayanmBefore:
After:
Comment #38
rpayanmAfter:
Before:
and this remains the same:
Comment #39
nitishchopra CreditAttribution: nitishchopra commentedThe patch looked to be fine and the button text i s displaying correctly!!
Comment #40
nitishchopra CreditAttribution: nitishchopra commentedComment #43
jhodgdonTest passed this time, back to previous status.
Comment #46
rpayanmagain.
Comment #51
rpayanmand again.
Comment #54
rpayanmand again.
Comment #55
alexpottCommitted 666f423 and pushed to 8.0.x. Thanks!
Thanks for adding the beta evaluation.
Fixed to implement our coding standards on commit.
Comment #58
David_Rothstein CreditAttribution: David_Rothstein as a volunteer commentedNote that a "semi-backport" of this to Drupal 7 is currently being discussed at #734536: Terminology wrong around "Request new password" (which this issue was probably originally a duplicate of).