Updating password through the password reset link fails to update the last updated date in the user's account
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Evergreen |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
3.10
When users update their password with the link provided by the Send Password Reset Link function in the staff client, the Last Updated date does not update in their account. (If users reset their password through the OPAC, or if it's updated in their account in the staff client, the Last Updated date does update in their account.) I don't know the technical jargon for this, but it appears that with the link the password reset is happening "outside" of the account so it's not logging the update. Once the password is reset through the link, you then get a prompt to log in to your account.
Use case:
A Local Admin staff member is requiring that all staff update their Evergreen passwords and is sending each staff member the password reset email through their account. The Local Admin would like a way to track that the password has been reset, and the Last Updated date would be a good indicator.
Noting that while awaiting a change to the code, an SQL report on actor.passwd. edit_date will reliably indicate the last time that the password was updated. (Emphasis is on SQL here; the actor.passwd table is intentionally not made available to the Reporter to avoid risking mass exposure of (salted, hashed) passwords).