Problem

The Password Policy module is a popular security module which allows site admins to define password policies on a site.
One such policy is the ability to force the user to change their password every so often. When this policy is enforced users are forced to the password change screen once they login and forbidden to travel elsewhere on the site, every click brings them back to the password change screen.

When an admin masquerades as a user whose password has expired they are forced to the password edit screen. The admin is then unable to click the Switch back link as doing so brings them back to the users password edit screen.

Solution

Password policy module provides hook_password_policy_expire_url_exclude() to allow modules to define paths which should not force a redirection.

Given the popularity of the password policy module I suggest that it is OK for masquerade to support it and implement this hook.

Patch to follow.

CommentFileSizeAuthor
#2 passwordpolicy-2633174-2.patch552 bytesjohnennew
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

ceng created an issue. See original summary.

johnennew’s picture

johnennew CreditAttribution: johnennew at Deeson commented
Status: Active » Needs review
FileSize
passwordpolicy-2633174-2.patch552 bytes

Please find a patch for this attached.

andypost’s picture

andypost
he/him
Primary language Russian
CreditAttribution: andypost as a volunteer and at Skilld commented
Status: Needs review » Reviewed & tested by the community

Makes sense!

izmeez’s picture

izmeez CreditAttribution: izmeez commented

Applies without difficulty to current 7.x-1.x-dev (2016-11-02).

izmeez’s picture

izmeez CreditAttribution: izmeez commented
Related issues: +#3010095: Masquerade 7.x-1.0 stable release plan

Adding to #3010095: Masquerade 7.x-1.0 stable release plan