the only reason we *need* to reset the password is to support including %password in the emails. however:

a) the 1-time login URLs are better anyway (easier to use, require the user to reset their password, etc).
b) the fact this module will now always reset a users's password whenever it goes from blocked to active is a little wonky.

it'd be better to just have a setting to control if the password is reset, which then makes %password an available placeholder in the email bodies. this would default to off, so that the module never resets passwords unless site admins go out of their way to configure it to work that way.

CommentFileSizeAuthor
#1 user_status_passwd_reset_setting.patch.txt1.9 KBdww

Comments

dww’s picture

dww
we/he/they
commented
Assigned: Unassigned » dww
Status: Active » Needs review
StatusFileSize
new user_status_passwd_reset_setting.patch.txt1.9 KB

needs testing, but i think this should do it.

dww’s picture

dww
we/he/they
commented
Version: 5.x-1.x-dev » 5.x-1.1
Status: Needs review » Fixed

Just did another round of heavy testing, and I'm happy with this. committed to HEAD, DRUPAL-5, and DRUPAL-4-7. Included in the 5.x-1.1 and 4.7.x-1.2 releases i just created.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)