This has been true at least since D7...

On the user/password page, the button say s "E-mail new password".

In D7 it's in user.pages.inc user_pass(). In D8 it is in core/modules/user/lib/Drupal/user/Form/UserPasswordForm.php

Either way, it's wrong. What you are actually getting by email is not a new password, but a link that allows you to log in.

Suggested text for button:

Request password reset

CommentFileSizeAuthor
#38 Selection_021.png14.09 KBrpayanm
#38 Selection_020a.png20.58 KBrpayanm
#38 Selection_020.png20.88 KBrpayanm
#37 Selection_017.png15.23 KBrpayanm
#37 Selection_016.png12.92 KBrpayanm
#34 2131849-34.patch8.13 KBrpayanm
#34 2131849-interdiff.txt683 bytesrpayanm
#32 2131849-32.patch8.11 KBrpayanm
#31 2131849-31.patch8.11 KBrpayanm
#31 2131849-interdiff.txt1.65 KBrpayanm
#29 2131849-28.patch8.11 KBrpayanm
#29 2131849-interdiff.txt683 bytesrpayanm
#26 2131849-26.patch8.09 KBrpayanm
#20 2131849-after-logged-in-reset-20.jpg183.91 KBjmarkel
#20 2131849-after-login-block-reset-20.jpg46.16 KBjmarkel
#20 2131849-after-anon-reset-20.jpg179.45 KBjmarkel
#20 D8core-user-password-reset-2131849-20.patch8.8 KBjmarkel
#17 After submit on request password page.JPG18.37 KBshyamala
#17 Before- email-new-password.JPG15.22 KBshyamala
#16 2131849-after-16.jpg267.83 KBjmarkel
#16 2131849-before.jpg249.18 KBjmarkel
#16 D8core-user-password-reset-2131849-16.patch4.24 KBjmarkel
#3 D7core-user-password-reset-2131849-3-do-not-test.patch1.78 KBjmarkel
#1 D8core-user-password-reset-2131849-1.patch3.57 KBjmarkel

Comments

jmarkel’s picture

jmarkel commented
StatusFileSize
new D8core-user-password-reset-2131849-1.patch3.57 KB

Updated the button text as well as the tests that depend on that text - SiteMaintenanceTest and UserPasswordResetTest.

jmarkel’s picture

jmarkel commented
Status: Active » Needs review
jmarkel’s picture

jmarkel commented
StatusFileSize
new D7core-user-password-reset-2131849-3-do-not-test.patch1.78 KB

Added a patch for D7 as well.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented
Status: Needs review » Reviewed & tested by the community

Thanks for the quick patch! +1000 from me!

I am going to be bold and mark it RTBC.

xano’s picture

xano
he/they
Primary language English
Location Southampton
commented

1: D8core-user-password-reset-2131849-1.patch queued for re-testing.

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Status: Reviewed & tested by the community » Needs review
Issue tags: -ui-text usability +Usability

Fixing tag to clue in the UX team on this issue. It may seem pedantic, but since this is a very user-facing string, it's probably good to spend a bit of time (not too much) to get it right.

And, hm. While the new text is certainly more accurate, searching Google for "Request password reset" (quoted) only returns 347,000 results. This implies this is not really standard terminology used by others.

What if we just named the button something really super boring like "Submit"? The page title is "Request new password" which already tells you what you are doing here.

I'm not that fussed either way, so if there are no better ideas within a week or so, we can go with this.

Bojhan’s picture

Bojhan commented

I am not sure about this change.

1) It seems like an uncommon label it focuses on the very technical "request" rather than the action of getting a new password.

2) It doesn't specify the medium. Clicking this button could result in anything, nothing indicates that I will get an e-mail.

I think both, will result in a decrease in usability - even though we are more accurate.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

OK. But the current button is just plain wrong. You are not getting a new password by email -- to me, that text is very scary -- I wouldn't want a site to email me my password, for security reasons.

But I agree that you are also not resetting your password.

What you are getting emailed is a link that will let you log in.

What would you suggest? Maybe "E-mail one-time login link"?

jmarkel’s picture

jmarkel commented

I'm happy to re-roll the patches with new button text - I'm not a UX person and don't have a strong feeling about this beyond that jhodgdon's point is correct - the text should somehow elucidate what's really going to happen...

Bojhan’s picture

Bojhan commented

I am just wondering, this is on a page right? Maybe we shouldn't be just relabeling the button but making the page more clearer?

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

I came to the same conclusion thinking about this... So let's make sure the page explains what will happen, and change the button text to something generic like "submit"?

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented
Status: Needs review » Needs work
jmarkel’s picture

jmarkel commented
Assigned: Unassigned » jmarkel

I'll get on new patch(es) this evening - if anyone's in a rush, feel free to preempt me :-)

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

Great, thanks!

When you post a new patch, Before and After screen shots of the page would be very helpful for usability review.

Bojhan’s picture

Bojhan commented

@jhodgdon Agreed :)

jmarkel’s picture

jmarkel commented
Assigned: jmarkel » Unassigned
Status: Needs work » Needs review
StatusFileSize
new D8core-user-password-reset-2131849-16.patch4.24 KB
new 2131849-before.jpg249.18 KB
new 2131849-after-16.jpg267.83 KB

Here's a re-rolled D8 patch, with before and after screenshots. The password reset page now includes some explanatory text and the button simply says "Submit."

shyamala’s picture

shyamala commented
StatusFileSize
new Before- email-new-password.JPG15.22 KB
new After submit on request password page.JPG18.37 KB

Works perfectly, attached before & after screen shots.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

This is *much* better. However:
- The tab title still says "request new password". Probably it would be more accurate, and much more like everywhere else on the web, if it said something like "Forgot your password?". If we don't want a question there, maybe "Reset your password" would work, which would at least be consistent with the new text.
- I think it should say "user name" not "username".

jmarkel’s picture

jmarkel commented
Assigned: Unassigned » jmarkel

I'm down with those changes for the most part, but not with changing 'username' to 'user name.' I get your point but it would be inconsistent with pretty much every other usage in the system. There are 800-odd uses of 'username' and only 63 of 'user name' and the latter is primarily used in comments rather than in UI text.

jmarkel’s picture

jmarkel commented
StatusFileSize
new D8core-user-password-reset-2131849-20.patch8.8 KB
new 2131849-after-anon-reset-20.jpg179.45 KB
new 2131849-after-login-block-reset-20.jpg46.16 KB
new 2131849-after-logged-in-reset-20.jpg183.91 KB

I changed the text to 'Reset your password' rather than the more casual 'Forgot your password?' I've no objection to the latter, it just seemed out of character for the system as a whole. If consensus is for 'Forgot your password?' I'm cool with it.

Anyway, here's a new patch, with "after" screenshots for the three use cases that were changed - 1) Anon password reset request from /user, 2) Password reset request from login block, and 3) Authenticated user password reset request from /user

jmarkel’s picture

jmarkel commented
Assigned: jmarkel » Unassigned
jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

Thanks for the research and the new patch! This all looks good to me. I was a bit confused though... in the "after-logged-in" screen shot, there is still a "log in" tab visible??? That has nothing to do with this issue though...

Anyway, I'm +1 on accepting this patch. I looked over the patch and the screen shots, and I think it is all consistent and it definitely makes more sense than it did before.

jmarkel’s picture

jmarkel commented

Yeah - There's something going on with the routes for the local tasks, and code that seems to think that /user/password will only be called for anon users ... clearly not a correct assumption :-). But it's also not really related to this specific issue, so I'm thinking maybe this should be RTBC'ed if possible and we can move on to that after. My 2 cents, anyway.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

Well, we need someone else to mark it RTBC. Last time I did so, it was overruled by the Usability team.

jhedstrom’s picture

jhedstrom
Primary language English
Location Portland, OR
commented
Status: Needs review » Needs work
Issue tags: +Needs reroll

Patch no longer applies.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
Status: Needs work » Needs review
Issue tags: -Needs reroll
StatusFileSize
new 2131849-26.patch8.09 KB

Status: Needs review » Needs work

The last submitted patch, 26: 2131849-26.patch, failed testing.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

Looks like there's still a test depending on the old text being there.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
Status: Needs work » Needs review
StatusFileSize
new 2131849-interdiff.txt683 bytes
new 2131849-28.patch8.11 KB
jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented
Status: Needs review » Needs work

So. It looks like this patch still says "Request new password" in at least one place. ?!?

++ b/core/modules/user/src/AccountForm.php

-        $request_new = $this->l($this->t('Request new password'), new Url('user.pass', array(), array('attributes' => array('title' => $this->t('Request new password via email.')))));
-        $current_pass_description = $this->t('Required if you want to change the %mail or %pass below. !request_new.', array('%mail' => $protected_values['mail'], '%pass' => $protected_values['pass'], '!request_new' => $request_new));
+        $request_new = $this->l($this->t('Request new password'), new Url('user.pass',
+          array(), array('attributes' => array('title' => $this->t('Request new password via email.'))))
+        );
+        $current_pass_description = $this->t('Required if you want to change the %mail or %pass below. !request_new.',
+          array(
+            '%mail' => $protected_values['mail'],
+            '%pass' => $protected_values['pass'],
+            '!request_new' => $request_new)
+        );

Let's fix that, and then some before/after screen shots of all pages that change would be helpful.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
Status: Needs work » Needs review
StatusFileSize
new 2131849-interdiff.txt1.65 KB
new 2131849-31.patch8.11 KB

umm my mistake...

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
StatusFileSize
new 2131849-32.patch8.11 KB

problems with the testbot.

The last submitted patch, 31: 2131849-31.patch, failed testing.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
StatusFileSize
new 2131849-interdiff.txt683 bytes
new 2131849-34.patch8.13 KB

The last submitted patch, 32: 2131849-32.patch, failed testing.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented

OK, the patch looks better now, thanks!

So, this issue could use:
a) before/after screen shots of affected pages
b) beta evaluation added to the issue summary, see https://www.drupal.org/contribute/core/beta-changes

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
StatusFileSize
new Selection_016.png12.92 KB
new Selection_017.png15.23 KB

Before:
reset password before

After:
reset password after

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
StatusFileSize
new Selection_020.png20.88 KB
new Selection_020a.png20.58 KB
new Selection_021.png14.09 KB

After:
before

Before:
after

and this remains the same:
same

nitishchopra’s picture

nitishchopra commented

The patch looked to be fine and the button text i s displaying correctly!!

nitishchopra’s picture

nitishchopra commented
Status: Needs review » Reviewed & tested by the community

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 34: 2131849-34.patch, failed testing.

penyaskito queued 34: 2131849-34.patch for re-testing.

jhodgdon’s picture

jhodgdon
she/her
Primary language English
commented
Status: Needs work » Reviewed & tested by the community

Test passed this time, back to previous status.

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 34: 2131849-34.patch, failed testing.

rpayanm queued 34: 2131849-34.patch for re-testing.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
Status: Needs work » Reviewed & tested by the community

again.

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 34: 2131849-34.patch, failed testing.

rpayanm queued 34: 2131849-34.patch for re-testing.

The last submitted patch, 34: 2131849-34.patch, failed testing.

rpayanm queued 34: 2131849-34.patch for re-testing.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
Status: Needs work » Reviewed & tested by the community

and again.

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 34: 2131849-34.patch, failed testing.

adci_contributor queued 34: 2131849-34.patch for re-testing.

rpayanm’s picture

rpayanm
he/him
Primary language Spanish
commented
Status: Needs work » Reviewed & tested by the community

and again.

alexpott’s picture

alexpott
he/they
Primary language English
Location 🇪🇺🌍
commented
Status: Reviewed & tested by the community » Fixed

Committed 666f423 and pushed to 8.0.x. Thanks!

Thanks for adding the beta evaluation.

diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index ac16e4e..7cf5ad6 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -141,7 +141,8 @@ public function form(array $form, FormStateInterface $form_state) {
           array(
             '%mail' => $protected_values['mail'],
             '%pass' => $protected_values['pass'],
-            '!request_new' => $request_new)
+            '!request_new' => $request_new,
+          )
         );
       }

Fixed to implement our coding standards on commit.

  • alexpott committed 666f423 on 8.0.x 
    Issue #2131849 by rpayanm, jmarkel, Shyamala: User password reset form...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

David_Rothstein’s picture

David_Rothstein commented

Note that a "semi-backport" of this to Drupal 7 is currently being discussed at #734536: Terminology wrong around "Request new password" (which this issue was probably originally a duplicate of).