Problem

The Password Policy module is a popular security module which allows site admins to define password policies on a site.
One such policy is the ability to force the user to change their password every so often. When this policy is enforced users are forced to the password change screen once they login and forbidden to travel elsewhere on the site, every click brings them back to the password change screen.

When an admin masquerades as a user whose password has expired they are forced to the password edit screen. The admin is then unable to click the Switch back link as doing so brings them back to the users password edit screen.

Solution

Password policy module provides hook_password_policy_expire_url_exclude() to allow modules to define paths which should not force a redirection.

Given the popularity of the password policy module I suggest that it is OK for masquerade to support it and implement this hook.

Patch to follow.

CommentFileSizeAuthor
#2 passwordpolicy-2633174-2.patch552 bytesjohnennew

Comments

ceng created an issue. See original summary.

johnennew’s picture

johnennew commented
Status: Active » Needs review
StatusFileSize
new passwordpolicy-2633174-2.patch552 bytes

Please find a patch for this attached.

andypost’s picture

andypost
he/him
Primary language Russian
commented
Status: Needs review » Reviewed & tested by the community

Makes sense!

izmeez’s picture

izmeez commented

Applies without difficulty to current 7.x-1.x-dev (2016-11-02).

izmeez’s picture

izmeez commented
Related issues: +#3010095: Masquerade 7.x-1.0 stable release plan

Adding to #3010095: Masquerade 7.x-1.0 stable release plan

ressa’s picture

ressa
he/him
commented
Status: Reviewed & tested by the community » Closed (outdated)
Related issues: +#3439398: Password Policy & Masquerade support, +#3213457: Support for Masquerade module

Thanks everyone for working on this! In an attempt to help the maintainers, I am going through the Drupal 7 RTBC issues, and closing them, since Drupal 7 is EOL.

Maintainers should grant credit for the great work to the relevant users, even if the patch did not get committed: https://www.drupal.org/docs/develop/issues/issue-procedures-and-etiquett....

It looks like the Password policy module works well with Masquerade since Masquerade 2.0 (see #3439398: Password Policy & Masquerade support) but feel free to re-open if this is still relevant in the Drupal 11 version.

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.