Closed frankduncan closed 1 month ago
@frankduncan Leave WAGTAILUSERS_PASSWORD_ENABLED
at the default and direct users to add a password on their account page. That should work, if not we have a bug.
Hypha has for many years have WAGTAILUSERS_PASSWORD_ENABLED
set to False to block staff from messing with users passwords.
Unfortunately, that's a requirement for the client. I just noticed while in here, that the whole activation workflow may be unneeded in general.
Describe the bug
When WAGTAILUSERS_PASSWORD_ENABLED and ENABLE_PUBLIC_SIGNUP are set to true, the "Set Password" logic redirects to "user:acount" rather than "user:activate" making it so you can never actually set the password.
This is a vestige of the old registration/password system that was removed in favor of passwordless reigstration.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Arrive at the password setting page.
Priority
Affected roles
Additional context
The "activation" flow may no longer be needed at all. Just have "Set Password" go to the update password page instead of doing the activation dance in email. The endpoint is the same.
However, there may be reasons to keep the current flow, so the incoming PR just fixes this specific bug.