changing the user password should not force the user to log in again with that new password

joyent / conch-ui

Web UI for Conch (https://github.com/joyent/conch-api)

2 stars 5 forks source link

Closed karenetheridge closed 3 years ago

karenetheridge commented 3 years ago

user logs in (either for the first time after user creation, or after an admin forced the password to be reset)
user is presented with a password change form; enters a new password and clicks submit
user is logged out and must log in again.

Do not log the user out. that is, use a query parameter with POST /user/me/password so as to not delete the login token that the user is using.

dustinryerson commented 3 years ago

I've verified that this has been fixed on production. Please feel free to reopen if I've missed something.