Steps to reproduce:
1. Enable password policy and add password expiry rule.
1. Enable modal forms for login form.
2. Log in using the user whose password has expired.
3. Ideally the user should be redirected to account edit form (something like this - user/25/edit/account?destination=node/30).
4. Redirection fails and import statements are displayed in popup.
In password policy module file, in function _password_policy_go_to_password_change_page, drupal_goto is used to redirect user to password change screen.
I tried to replace drupal_goto with following code:
$password_change_path = _password_policy_get_preferred_password_change_path();
ctools_include('modal');
ctools_include('ajax');
$output = array();
ctools_add_js('ajax-responder');
$output[] = ctools_modal_command_dismiss();
$output[] = ctools_ajax_command_redirect($password_change_path, 2000);
print ajax_render($output);
But this does not work. I understand this is not a complete solution. We have to add a check, if modal forms is enabled for login form then only ctools code should run, goto should work in other cases.
I have posted issue earlier here: https://www.drupal.org/node/2541194
Comments
Comment #13
amolnw2778 as a volunteer and at Tieto commented:
@pooja One minor change - First letter of comment needs to be uppercase.
// prompted for their current password on password change page unnecessarily.
Comment #14
AohRveTPV commented:
Is there a way to do this without adding module-specific integration code? Password Policy should not need to know about other modules like "Modal forms (with ctools)". This line is specific to that module:
Such code adds complexity and makes the module difficult to test.
Comment #15
pooja.sarvaiye at Tieto commented:
@AohRveTPV, I am also not very happy with the solution. But I could not figure out a better way to solve this. I uploaded the patch here so that others can have a look and suggest a better approach. Any suggestions are most welcome.
Comment #16
AohRveTPV commented:
How do you "Enable modal forms for login form."?
I installed the Modal Forms module on a fresh Drupal site, but I don't see how to do it.
Steps of how to configure Modal Forms to reproduce the problem on a fresh Drupal site would be helpful.
Comment #17
pooja.sarvaiye at Tieto commented:
You will have to add a password policy to expire user accounts after some days of inactivity. Then try to log in using the expired account. You may alter the last login date manually in the db, for testing purposes.
The steps are mentioned in the issue description.
Comment #18
AohRveTPV commented:
"1. Enable modal forms for login form." <-- How do you do this?
Comment #19
pooja.sarvaiye at Tieto commented:
You have to turn on the "Enable for login links" option here - admin/config/development/modal_forms
Comment #20
AohRveTPV commented:
Thanks, I am able to reproduce the problem now. I hadn't realized you have to create a link to user/login.
Looks like the problem is Modal Forms relies on a call to modal_forms_login() when the user is returned to user/login after submitting the login form. That function calls Ctools functions that close the modal window and perform the redirection. However, Password Policy calls drupal_goto() before that callback is executed, which attempts the redirection without closing the modal window.
I am thinking it is a problem that should be fixed in Modal Forms. Modal Forms should not assume that another module will not redirect to a different page. That is, Modal Forms should not assume the user will be returned to user/login after submitting the login form.
Again, adding any code like if (<modal_forms enabled>) to Password Policy is very undesirable. Password Policy should not need to know about other contributed modules.
One possible solution is to use hook_drupal_goto_alter() to execute the Ctools calls as does modal_forms_login(). The following seems to work, but I do not know whether it is secure or fully correct. Please consider it a proof of concept.
That could be put in a separate module to avoid hacking changes to Modal Forms or Password Policy.
Would this approach be a solution to the problem?
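
A sketch of the hook_drupal_goto_alter() approach described in comment #20, added here as an example. It is not the proof of concept posted in that comment (which is not reproduced on this page) and not code from Modal Forms or Password Policy. The module name mymodule and the check that the request path starts with modal_forms/ajax are assumptions.

```php
<?php

/**
 * Implements hook_drupal_goto_alter().
 *
 * Hypothetical glue module "mymodule" (the name is an assumption). When any
 * module calls drupal_goto() while a Modal Forms AJAX request is being
 * served, answer with Ctools AJAX commands instead of an HTTP redirect, so
 * the modal is closed and the browser itself navigates to the target (for
 * example the password change page chosen by Password Policy).
 */
function mymodule_drupal_goto_alter(&$path, &$options, &$http_response_code) {
  // Assumption: Modal Forms serves its AJAX forms under modal_forms/ajax/...
  // Any other request keeps drupal_goto()'s normal behaviour.
  if (arg(0) !== 'modal_forms' || arg(1) !== 'ajax') {
    return;
  }

  // Only relay internal paths through the modal. An external target falls
  // through to drupal_goto()'s normal handling and is not re-issued as a
  // client-side redirect by this hook.
  if (url_is_external($path) || !empty($options['external'])) {
    return;
  }

  ctools_include('ajax');
  ctools_include('modal');

  $commands = array();
  // Close the modal window first, then send the browser to the target.
  $commands[] = ctools_modal_command_dismiss();
  // ctools_ajax_command_redirect() builds the URL with url($path, $options),
  // so query and fragment options passed to drupal_goto() are preserved.
  $commands[] = ctools_ajax_command_redirect($path, 0, $options);

  print ajax_render($commands);

  // drupal_exit() invokes hook_exit() and commits the session before
  // exiting, which matters because the user has just been logged in.
  drupal_exit();
}
```
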
Comment #21
AohRveTPV commented:
Please re-open if the solution suggested in #20 is problematic.
Comment #22
pooja.sarvaiye at Tieto commented:
@AohRveTPV, modal_forms_drupal_goto_alter solves the problem, thanks.
Comment #23
firewaller commented:
Just to confirm, the solution in #20 works for me as well.