Univention Bugzilla – Bug 51404
Self Service: Expired passwords need to be handled better - "Protect account"
Last modified: 2020-09-07 16:06:35 CEST
UCS: 4.4-4 errata617 Scenario: I use a simple password policy, e.g. minimum length is 8 characters. I have a user whose password expired. This is quite common for new users, when the option "change password at next login" is checked. This user tries to use the Self Service to change their password. Expected behaviour: The Self Service dialog for "Protect account" tells me that my password expired. It then offers to change my password and tells me the requirements (e.g. at least 8 characters). Observed behaviour: The Self Service dialog for "Protect account" does not tell me that my password expired. Instead it says: "An error occurred You are not authorized to perform this action. Server error message: Either username or password is incorrect or you are not allowed to use this service." The user's primary group is listed in "umc/self-service/passwordreset/whitelist/groups".