To reproduce:

  1. Create a Legal document with a re-accept redirect method
  2. Sign up a new user
  3. Before the user clicks on the activate link in their email, update the Legal document
  4. Now, when the user clicks on the link in their email, they'll be redirected to the document which they can accept, however when they're then forwarded on to set their password they're unable to do so as they must sent a 'current password'.

Comments

malks’s picture

malks CreditAttribution: malks commented

I'm seeing this issue for activated users whenever you create a new version of a legal document when the user requests a new password as well and I think it's related.

That is, to reproduce:

  1. Create a new version of an existing Legal document.
  2. For any user that has to re-accept the document, send a password reset.
  3. Clicking on the link will take them to the acceptance page of the Legal document, but then they will be forwarded on in a logged in state.

This results in the user having to enter their current password which is confusing as they were trying to reset it. The work around in the short term is to get them to reset the password again.

codesidekick’s picture

codesidekick CreditAttribution: codesidekick commented
Assigned: codesidekick » malks
geek-merlin’s picture

geek-merlin
they/omg
Primary language German
Location Freiburg, Germany
CreditAttribution: geek-merlin commented

A solution might be to have a configurable exclusion list for the redirect (and maybe message) feature, defaulting to user/edit.