Quebec: 'password_needs_reset' not reset to false upon successful password reset via Password Reset Application


Description

In New York, when a user has password_needs_reset=true it is reset to false when that user performs a successful password reset. In Quebec, password_needs_reset remains to true which mean that the user is prompted to change the password again when login after a successful password reset.

Steps to Reproduce

Steps to reproduce followed in OOB instance:-

1. Open the New York instance.

2. Create your Own user in the user table.

3. Set the "password needs reset" box to true on the user record.

4. Please visit the login page of the instance and select "forget password"

5. You will receive the email and get directed to the password reset application page.

6. Now enters new password and password reset is successful.

7. You can check if the "password needs reset" box is unchecked in NY instance which means the user is not prompted to change the password again when login after a successful password reset.


Now,

1.  Login on the Quebec Patch Version instance.

2.  Try to set the "password needs reset" box to true on the customer_contacts record in user table.

3.  Set the "password needs reset" box to true on the user record. 

4.  Now visit the login page of the instance and select "forget password"

5. You will receive the email and get directed to the password reset application page and enter he new password.

6. Please check that the "password needs reset" box is still un-checked or checked. You can see its still Checked which causes users to reset their login twice.

 

Workaround

This issue was actually a defect till Orlando and got fixed in Paris.The "password needs reset" in sys_user table will be updated only when "Auto-generate password" and "User must reset password" are marked as true in Password reset process [pwd_process table] on every reset of password [Refer attached screenshot].The Password change we do right after login [login_cpw.do page] goes in different code flow and is not related to Password Reset Application. This is the reason this field being set to false only on a successful password change but not on a password reset.

 

But if the "password needs reset" box is unchecked as per NY instance which means the user is not prompted to change the password again when login after a successful password reset. But In Quebec, password_needs_reset remains to true which mean that the user is prompted to change the password again when login after a successful password reset. So we has decided to bring back the previous functionality per NY and this will be fixed on Rome Release and eventually back-ported to  Quebec and Paris release. 

Please subscribe the KB link for now and as soon as the fix will be provided you will get notified through this PRB..


Related Problem: PRB1492023