solved When updating my account details, as regular user, I am forced to reset my password

researchcooperative
@researchcooperative
7 years ago
694 posts
I am a site owner testing what happens when logged in as a regular user, looking at my account settings.

When updating my user account details, while already logged in as regular user, I am forced to enter my password twice, and then the system tells me that to continue, I must use my new password. But I did not want to create a new password in the first place. I was already logged in, and just wanted to update a detail in my account data!

Is there any way to avoid forcing members to renew their passwords unnecessarily?


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 06/18/17 01:38:46PM
paul
@paul
7 years ago
4,326 posts
When a user updates his account, yes, it asks for his existing password as a security measure, but I am not seeing a necessity to enter passwords when updating the form.
Can you detail exactly what you are doing so that I can try to replicate it?
Thanks


--
Paul Asher - JR Developer and System Import Specialist
researchcooperative
@researchcooperative
7 years ago
694 posts
Hi.

Updating Profile details in the profile form is no problem. The system accepts that I have already logged in with my password.

When updating details in my account, a bright yellow bar appears in the password field when I try to save. I then have to enter my password twice. This is accepted when I now press the save button, but then the attached message appears, telling me that I have to enter my password (yet again!) to continue.

At this point the system thinks I am trying to change my password.

So, in order to change an account detail, other than the password, I have to enter my password four times, to login, then twice in order to make a save action, and then a fourth time to conclude the process.

Is this the expected process for changing account details other than the password itself?
Repeat PW copy.jpg  •  67KB




--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
michael
@michael
7 years ago
7,715 posts
The setting you're seeing is this one:
http://YOUR-SITE.com/user/admin/global/section=account+settings/hl=authenticate

Quote: If this option is checked, when a user attempts to change their email address or password they will have to enter their existing password to continue.
Default: on

Admin should not be prompted, but others should be.

If you think there is a bug somewhere, outline the steps and I'll check it out. :)
researchcooperative
@researchcooperative
7 years ago
694 posts
Thanks. That setting makes sense for someone who is actually changing their critical account details - the email address and password. But it seems that changes to other fields in the account settings form get caught in the net.

i.e. I log in as a regular member to my regular member account. I want to quickly change the spelling of my location (for example) in the account settings form. So I make a minor change there, but then learn, after attempting to save my little change, that I also have to re-enter my password twice, and then once more, because of the security in place for changing an email address or password.

If this is how the system is designed to work, then it is not user-friendly.

If it is not how it is meant to work, then maybe I have a bug in my set up.

Is unchecking the authentication security option a risky thing to do?

Is that the only way I can make it easier for users to update their user accounts?


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 03/07/17 09:04:30PM
brian
@brian
7 years ago
10,148 posts
researchcooperative:
Thanks. That setting makes sense for someone who is actually changing their critical account details - the email address and password. But it seems that changes to other fields in the account settings form get caught in the net.

i.e. I log in as a regular member to my regular member account. I want to quickly change the spelling of my location (for example) in the account settings form. So I make a minor change there, but then learn, after attempting to save my little change, that I also have to re-enter my password twice, and then once more, because of the security in place for changing an email address or password.

If this is how the system is designed to work, then it is not user-friendly.

No - it is not designed that way, and only looks if the user is trying to change their email address or password. I'm not aware of it NOT working - are you sure you're not changing other information about the account?


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
researchcooperative
@researchcooperative
7 years ago
694 posts
Even as Administrator, logged into my own account, I am asked to re-enter my password, when I attempt to change any field other than the email address or password.

This blockage may explain why almost none of my members have been updating their account details. It is very frustrating.


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
researchcooperative
@researchcooperative
7 years ago
694 posts
Steps:

1. Logged in as Chief Admin.
2. Went to Account settings
3. Deleted a word in the field for self description, without clicking in any other field.
4. Pressed save changes
5. Was shown red error alert with text: "You forgot to enter your password"


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
brian
@brian
7 years ago
10,148 posts
It sounds like you have customized your User Account settings in the FORM DESIGNER and set the Password field to REQUIRED:

1) Visit the User Account settings page as the admin
2) Click on "Form Designer" in the upper right
3) Click on the "Modify" for the "Password" field
4) Make sure that "Required" is NOT CHECKED (near the bottom) and save

Repeat for the "Repeat Password" field.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
researchcooperative
@researchcooperative
7 years ago
694 posts
Thanks - exactly so! I have reset to "not required" as per instructions.

Does this setting over-ride the requirement to re-enter our existing password when changing the user email address or password? Or is this requirement hard-wired and not affected by the "not-required" option?


--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)
michael
@michael
7 years ago
7,715 posts
If you make any field REQUIRED in the form designer that field will need to be filled in when the form is updated.

That is different to the "reauthentication" found at:
https://yoursite.com/user/admin/global/section=account+settings/hl=authenticate

Quote: If this option is checked, when a user attempts to change their email address or password they will have to enter their existing password to continue.
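
The two checks distinguished in the post above, as an added example that is not part of the original thread and is not Jamroom's code: a "Required" form field is validated on every save, while re-authentication applies only when the email address or password changes. The field names user_passwd1 and user_passwd2 come from this thread; current_password, PROFILE_FIELDS and the sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

SENSITIVE = {"email", "password"}        # changes that require the existing password
PROFILE_FIELDS = ("email", "location")   # hypothetical account fields

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account():
    """Constructed sample account for the demonstration."""
    salt = b"constructed-salt"
    return {"email": "member@example.org", "location": "Kyto",
            "salt": salt, "pw_hash": hash_pw("old-Passw0rd", salt)}

def update_account(account, form, required=(), reauth=True):
    """Return (account_after_save, errors) for one submitted settings form."""
    errors = []
    # Check 1, form validation: a field marked Required must be filled on
    # every save, whatever the user actually edited.
    for name in required:
        if not form.get(name):
            errors.append("missing required field: " + name)
    # Empty new-password fields mean "keep the current password".
    new_pw = form.get("user_passwd1", "")
    if new_pw and new_pw != form.get("user_passwd2", ""):
        errors.append("new passwords do not match")
    changed = {f for f in PROFILE_FIELDS if f in form and form[f] != account[f]}
    if new_pw:
        changed.add("password")
    # Check 2, re-authentication: only when a sensitive value changes.
    if reauth and changed & SENSITIVE:
        supplied = hash_pw(form.get("current_password", ""), account["salt"])
        if not hmac.compare_digest(supplied, account["pw_hash"]):
            errors.append("existing password required")
    if errors:
        return account, errors
    updated = dict(account)
    for field in changed - {"password"}:
        updated[field] = form[field]
    if new_pw:
        updated["salt"] = os.urandom(16)   # fresh salt for the new password
        updated["pw_hash"] = hash_pw(new_pw, updated["salt"])
    return updated, []
```

Passing `required=("user_passwd1", "user_passwd2")` reproduces the symptom reported in this thread: a location-only edit is rejected before the re-authentication check is ever reached.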
researchcooperative
@researchcooperative
7 years ago
694 posts
Thanks.

I think this means that the password fields are best designated as "not required" in the settings (updating) form, because their basic function in that form is to provide a way for the user to change the account password, which should not be required every time other account details are updated.

My next step will be to change the language (field label, and help note), to make it clear that the fields should be used for creating a new password, at sign up or later.

Without this being spelled out, the account holder might imagine that the fields have to be filled in order to change other account details.

The templates are the same in the account signup and settings (updating) forms, but for signup, the fields are "required".

template: user_passwd1
label = new password
help note = the password should be alphanumeric with at least six characters, including at least one number

template: user_passwd2
label = repeat new password
help note = repeat the password you entered to be sure there are no typos




--
PJ Matthews, Kyoto
Migrated from Ning 2.0. Now at Jamroom 6 beta and using Jamroom Hosting for The Research Cooperative (researchcooperative.org)

updated by @researchcooperative: 03/18/17 07:34:58PM