Problem
The Password Policy module is a popular security module which allows site admins to define password policies on a site.
One such policy is the ability to force the user to change their password every so often. When this policy is enforced users are forced to the password change screen once they login and forbidden to travel elsewhere on the site, every click brings them back to the password change screen.
When an admin masquerades as a user whose password has expired they are forced to the password edit screen. The admin is then unable to click the Switch back link as doing so brings them back to the users password edit screen.
Solution
Password policy module provides hook_password_policy_expire_url_exclude() to allow modules to define paths which should not force a redirection.
Given the popularity of the password policy module I suggest that it is OK for masquerade to support it and implement this hook.
Patch to follow.
Comment | File | Size | Author |
---|---|---|---|
#2 | passwordpolicy-2633174-2.patch | 552 bytes | johnennew |
Comments
Comment #2
johnennew CreditAttribution: johnennew at Deeson commentedPlease find a patch for this attached.
Comment #3
andypostMakes sense!
Comment #4
izmeez CreditAttribution: izmeez commentedApplies without difficulty to current 7.x-1.x-dev (2016-11-02).
Comment #5
izmeez CreditAttribution: izmeez commentedAdding to #3010095: Masquerade 7.x-1.0 stable release plan