It is not possible to change password, if you do not know your current password and get the one-time-login e-mail, because you have to supply your current password.

Comments

Argus’s picture

This is an anoying Drupal bug. I use https://drupal.org/project/nocurrent_pass to remove the current password field. This is eventhough not OA related.

dsnopek’s picture

I'm not convinced this is purely a Drupal bug. I don't personally have this problem on all Drupal sites. There has got to be some configuration or combination of modules that activates it. If I were to guess, I think there might be a redirect somewhere that isn't passing the GET arguments along.

lsolesen’s picture

@dsnopek It is not purely a Drupal bug. It is caused by Open Atrium altering something, so you do not go directly to the change password page.

Argus’s picture

Yeah very well possible. But I've also seen it on non-OA sites, and the existence of the module I linked shows others also run into this problem in various other situations. So indeed the question is what causes it when using OA. The nocurrent_pass module is just a quick and dirty workaround.

mpotter’s picture

Status: Active » Postponed (maintainer needs more info)

I just tried this on a fresh install and when I click the reset-password link sent via email I get a screen with a Login button which then takes me to a page to change my password and I do not see any current password field. So I am not sure what is needed to reproduce this.

Argus’s picture

True, can't repeat it either on new installs. I HAVE experienced it on my OA site though, and had to install nocurrent_pass to bypass it (or use drush). Couldn't figure out what caused it, and can't repeat it on that same site either. Time will tell if more people run into it.

ChrisZZ’s picture

I also have this problem. And of course there are ways around it - but anyways it is annoying and should be fixed.

The problem is, that after installing OA using AEGIR, I am not sent to the change password page immediately. But if I go to the change password site later, I would in fact need the password for changing the password. So I am stuck - and have to use some work arounds.

regards
Christian

mpotter’s picture

Status: Postponed (maintainer needs more info) » Closed (won't fix)

Closed for inactivity. Please re-open if this is still an issue in the most recent version of OA2.

mglaman’s picture

Status: Closed (won't fix) » Closed (duplicate)
Related issues: +#2052235: one-time login requires old password (which doesn´t exist)

I'm having this issue and can't track it down. However this seems to be the same problem as in #2052235: one-time login requires old password (which doesn´t exist). So to help others find that issue, marking this one (whichis newer) a dupe so they can find that issue.

ohmdesbois’s picture

On a fresh installation of the latest version of openatrium, when the administrator creates a new user or a new user creates an account, and immediately asks to recreate a new password, the link received by email actually sending it to the user account page where he is asked for his current password.
After emptying the caches and restarting the operation, the link sent by email points to a page that does not require the old password
The problem seems to occur if you immediately request a new password after the account is created and before the caches have been cleared.
I hope that it will be useful to people who encounter this case.