Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I set 60 on password Reset Days but when I login in, I have always the edit form with this error : "your password has expired, please update it" , I have to change the password but it expired again after few time.
My Drupal version is : 8.4
Comments
Comment #2
imen ch CreditAttribution: imen ch commentedComment #3
imen ch CreditAttribution: imen ch commentedComment #4
phjouI have the same problem. But I have not tested yet the patch from this issue: https://www.drupal.org/node/2867089
It also concerns expiry so maybe it could fix the problem.
Comment #5
kriboogh CreditAttribution: kriboogh commentedThere is a bug in the _password_policy_user_profile_form_submit method. Upon submition of the user profile form, the code tries to get the uid from the form_state. This returns null, so the condition to reset the field_last_password_reset and field_password_expiration fields is never met.
Edit: when an admin user edits an other users password, the current pass field is not set, so the condition will also not hold. Also in this case, the
storage user object is not set. So it's better to fetch the actual account being used in the form, from the build info.
Don't have time to cook up a path, but code should be:
Comment #6
kriboogh CreditAttribution: kriboogh commentedHere's a patch for #5
Comment #7
nitnac23 CreditAttribution: nitnac23 commentedThis patch did not fix the error, the password resets every 24hrs irrespective of Password Reset Days set to 60.
Comment #8
raynaldmo CreditAttribution: raynaldmo commentedniteshchawathe which version are you using ?
If it's 3.0.0-alpha4, it appears that an equivalent fix to the patch in #6 has been incorporated in that version.
What you may be experiencing is this issue: https://www.drupal.org/project/password_policy/issues/2860671
If you're using version 3.0.0-alpha4 try patch 2860671-password-policy-cron-fix-2.patch provided in the above issue.
Comment #9
imen ch CreditAttribution: imen ch commentedThanks for your help, I created this patch for "8.x-3.0-alpha4" version of Module passwoed_policy, combined these two patches for "8.x-3.x-dev" version.
https://www.drupal.org/files/issues/2867089-9.patch and https://www.drupal.org/files/issues/2860671-password-policy-cron-fix-2.p...
hope it solve the problem.
Comment #10
niraimani CreditAttribution: niraimani commentedpatch#6 is not working and getting the below error
$ patch -p0 -b < password_policy-expire-password-reset-2917622-6.patch
can't find file to patch at input line 8
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|Index: modules/contrib/password_policy/password_policy.module
|IDEA additional info:
|Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
|<+>UTF-8
|===================================================================
|--- modules/contrib/password_policy/password_policy.module (date 1510662267000)
|+++ modules/contrib/password_policy/password_policy.module (revision )
--------------------------
File to patch: password_policy.module
patching file password_policy.module
Hunk #1 FAILED at 292.
1 out of 1 hunk FAILED -- saving rejects to file password_policy.module.rej
Comment #11
imen ch CreditAttribution: imen ch commentedniraimani, have you tested patch#9 ? password_policy-password-expire-does-not-work-2860671-9.patch
Comment #12
alex_kukso CreditAttribution: alex_kukso commentedHello,
I made some changes for https://www.drupal.org/files/issues/2860671-password-policy-cron-fix-2.p... and created a new patch for it https://www.drupal.org/files/issues/cron_expire_date_format-2860671-7.patch.
It solve the issue with wrong Cron behavior and date format.
Comment #13
niraimani CreditAttribution: niraimani commentedimen, patch #9 is working.
Comment #14
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot commentedComment #16
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot commentedComment #18
imen ch CreditAttribution: imen ch commentedI have corrected the coding standards errors
Comment #19
imen ch CreditAttribution: imen ch commentedI have corrected the coding standards errors
Comment #20
pythagory CreditAttribution: pythagory at CivicActions commentedThe patch in #19 works for me but does not apply after work done in https://www.drupal.org/project/password_policy/issues/2860671. It seems the last chunk of the diff was included in that issue. I've removed it from the patch, this revision applies with composer.
Comment #21
mikemadison CreditAttribution: mikemadison at Acquia commentedthe patch in #20 seems to resolve the issue for me. in our case, there was still a password reset that had to occur due to the age of the password, but afterwards it no longer is constantly requiring it.
Comment #23
cgmonroe CreditAttribution: cgmonroe as a volunteer commentedIn my situation, 8.x-3.0-Alpha4 with the #20 patch and the patch from #2860671: Inconsistent date format and timezone usage leads to infinite password resets. fixed the password always being expired problem.
HOWEVER, resetting the password via the user edit form always resulted in the password being mangled somehow. E.g. you could never login with the password you entered. I had to reset the account password with the Drush pwd command. Triple checked everything was being entered correctly, saw that the password hashes were different between a form reset and a Drush reset.
Removing this patch fixed the password reset problem and the always expired problem was still fixed.
Could consistently reproduce by:
Comment #24
steveedson CreditAttribution: steveedson commentedAny updates on this? I've tried patch #20 but it hasn't made any difference. Currently this module is impossible to use as I have to reset my password constantly.
Thanks.
Comment #25
armyofda12mnkeys CreditAttribution: armyofda12mnkeys commented@steveedson, I guess you could use the 8.x-3.0-DEV version which seems to have these fixes...
or apply a patches from a few separate issues which seem to solve it for me (the password expire issue, and another patch regarding the policy_roles which i think caused an issue/error for me: so think patches from these 2 sources rolled up into 1 patch... https://www.drupal.org/project/password_policy/issues/2863169 https://www.drupal.org/project/password_policy/issues/2902597).
Note: I'm using password_policy's 8.x-3.0-alpha4 version.
The git patch file is attached.
Comment #26
SamLerner CreditAttribution: SamLerner at CivicActions commentedI'm using 8.x-3.0-alpha4 with the patch in #25 as well as the patch on https://www.drupal.org/project/password_policy/issues/2771129#comment-13... and everything's working fine.
I'm not getting any errors about a password being expired before the correct time, and as a user I can change my password and re-log in successfully.
Comment #27
AohRveTPV CreditAttribution: AohRveTPV commentedSetting to "Needs review" to run tests on #25.
Edit: Apparently setting to "Needs review" doesn't trigger tests for the most recent patch in prior comments to run. So I manually ran the tests for #25.
Comment #28
AohRveTPV CreditAttribution: AohRveTPV commented#25 doesn't apply.
Comment #29
AohRveTPV CreditAttribution: AohRveTPV commentedNeither security nor data loss bug, so not blocking beta.
Comment #30
mferanda CreditAttribution: mferanda as a volunteer commentedWas something finalized for this issue? It looks as if the last patch is failing to even apply
From the conversation, it almost seems like people fixed their issue with a patch and just moved on. This still seems to be an issue in the last version.
Comment #31
jswainst CreditAttribution: jswainst commentedIf you compare the code in patch #25 to alpha5, it appears the fix has been committed.
Comment #32
GaëlGAccording to previous comment.