View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026884 | mantisbt | administration | public | 2020-04-15 18:34 | 2021-03-07 18:29 |
Reporter | dregad | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Target Version | 2.25.0 | Fixed in Version | 2.25.0 | ||
Summary | 0026884: Misleading e-mail notification following password reset by admin | ||||
Description | When a user's password is reset by an administrator - either via manage_user_reset.php page, or with REST API (since 0026632), they are sent the following notification by e-mail:
That message only makes sense when using the Lost password functionality. In the context of a password reset by an admin, it is misleading, for the following reasons
A specific notification text should be used for the password reset by admin case. | ||||
Tags | No tags attached. | ||||
MantisBT: master e118e8e8 2020-04-15 15:36 Details Diff |
Specific notification for password reset by admin The email notification sent when password is reset by an administrator was misleading, implying that it can be ignored when in fact it should not as the password has effectively been changed to a random one. If the user does not reset their password, they will not be able to login. This commit avoids confusion caused by the misleading message, by sending a specific notification for password resets by admin. A new $p_reset_by_admin optional parameter, defaulting to false, was added to email_send_confirm_hash_url() function, allowing it to be used for resets by user (lost password feature) also. Fixes 0026884 |
Affected Issues 0026884 |
|
mod - core/email_api.php | Diff File | ||
mod - core/user_api.php | Diff File | ||
mod - lang/strings_english.txt | Diff File |