Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Drupal version 7.79 or higher. PRLP version 7.x-1.4
Steps to reproduce
- Generate Reset password link and click on it
- When on the reset password page, submit the form by leaving the password fields blank or not matching passwords
- Submit the form again without making any changes
- The user is redirected to the Forgot password page
Correct behaviour
User should remain on the Forgot password page
Comment | File | Size | Author |
---|---|---|---|
#2 | incorrect-redirection-3223175-2.patch | 1.01 KB | gianani |
Issue fork prlp-3223175
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
gianani CreditAttribution: gianani as a volunteer commentedThe issue is probably due to this code which checks the
$form_state['input']
valueAdding a patch below
Comment #3
gianani CreditAttribution: gianani as a volunteer commentedComment #5
ArneoGthomas CreditAttribution: ArneoGthomas as a volunteer commentedI had the same problem and the patch helps me.
I validate this patch.
thx
Comment #7
JordanMagnuson CreditAttribution: JordanMagnuson commentedYeah, this is a major bug in the 7.x version of the module currently.
If the user gets a validation error during password reset, then submits the form successfully afterwards, they are not logged in, and are told that the "one time login link has already been used."
Leads to reset password loops and frustrated users.
Patch in #2 seems to do the trick and make things work as expected.
Comment #8
JordanMagnuson CreditAttribution: JordanMagnuson commented