On the user edit page, the password fields are still there for a SAML account even if the module is configured not to allow users to set Drupal passwords.

To reproduce:

  • Make sure "Allow SAML users to set Drupal passwords" is unchecked on the "Local authentication" settings page
  • Log in with a SAML-enabled account and go to the user profile edit page ( ex: /user/2/edit )
  • All three password fields are still visible (Current Password, Password, Confirm Password).

    (Expected them to be hidden for SAML accounts if that box is left unchecked.)

Looks like $form['#user']->init is returning the email address of the account, which doesn't get a match in the authmap table. $form['#user']->name returns the username, which does match in the authmap table and results in correctly hidden password fields.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

larcher created an issue. See original summary.

larcher’s picture

larcher’s picture

Status: Active » Needs review

  • snufkin committed 320a808 on 7.x-3.x authored by larcher
    Issue #2683699 by larcher: Password fields still visible with "Allow...
snufkin’s picture

Status: Needs review » Fixed

Good catch. We broke some of the authmap related stuff when we rearchitected from 2.x, I guess this was one of them. Thanks for the patch, committed.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.