? ? Failure

User tests: Successful: Unsuccessful:

avatar wojsmol
wojsmol
27 Dec 2018

Pull Request for Issue #23345 .

Summary of Changes

Confirm Password field removed from user edit in backend

Testing Instructions

code review or test whether user edit forks as expected and Confirm Password is not present.

Expected result

No Confirm Password field and user edit works.

Actual result

Confirm Password field exists and user edit works

Documentation Changes Required

no

avatar wojsmol wojsmol - open - 27 Dec 2018
avatar wojsmol wojsmol - change - 27 Dec 2018
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 27 Dec 2018
Category Administration com_users Language & Strings
avatar chmst
chmst - comment - 27 Dec 2018

I see that the password is removed from the user edit view.
But there are about 30 places where the password2 is used in the code.
It is checked in the models and appears in different views and models in the frontend.

So I think it is too early for submitting a test result.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23357.
avatar tonypartridge
tonypartridge - comment - 27 Dec 2018

Why would you want to do this? For BC you should at least add it as a config option which is showing both by default.

avatar chmst
chmst - comment - 27 Dec 2018

The second password is only wasted time and no longer up to date in modern apps (my opinion).
I do not insist but why then do we have the new password with the "plain text" button?

If it is a B/C problem, we need a param and or a solution for the password2 check. But I do not see a big B/C problem. The password2 is not in the database. It could be used in extensions of the registration form, but I am sure that there we can find a solution.

avatar wojsmol wojsmol - change - 27 Dec 2018
Labels Added: ? ?
avatar joomla-cms-bot joomla-cms-bot - change - 27 Dec 2018
Category Administration com_users Language & Strings Administration com_admin com_users Language & Strings Front End Libraries
avatar brianteeman
brianteeman - comment - 28 Dec 2018

I don't see the reason for this change

avatar dgrammatiko
dgrammatiko - comment - 28 Dec 2018

should at least add it as a config option

Please NO more switches...

avatar chmst
chmst - comment - 4 Jan 2019

I have tested and it looks great. But in the confirm.xml still is a password2. Could you remove this too?


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23357.

avatar wojsmol
wojsmol - comment - 5 Jan 2019

@chmst Can you post a path to confirm.xml file in question?

avatar chmst
chmst - comment - 5 Jan 2019

It is components\com_users\forms\reset_complete.xml

avatar chmst
chmst - comment - 5 Jan 2019

I have tested this item successfully on a921c44

Thank you @wojsmol


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23357.

avatar chmst chmst - test_item - 5 Jan 2019 - Tested successfully
avatar franz-wohlkoenig franz-wohlkoenig - change - 11 Apr 2019
Category Administration com_users Language & Strings com_admin Front End Libraries Administration com_admin com_users Front End Libraries
avatar tonypartridge
tonypartridge - comment - 13 Jul 2019

Thinking about this, if we proceed with it... what about showing the password rather than hiding by default so people can see if it's typed correctly?


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23357.

avatar dgrammatiko
dgrammatiko - comment - 13 Jul 2019

@tonypartridge the password shouldn't be visible by default and also in the field (password) was added a button to reveal the text just for this scenario. FWIW the field still needs to become a custom element, there used to be a PR by me and would be really nice if someone resurrects it because the current code is not production-ready...

avatar shindebalu shindebalu - test_item - 19 Oct 2019 - Tested unsuccessfully
avatar shindebalu
shindebalu - comment - 19 Oct 2019

I have tested this item 🔴 unsuccessfully on a921c44

The file marked for modification does not exist: administrator/components/com_admin/Model/ProfileModel.php


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23357.

avatar idefax idefax - test_item - 19 Oct 2019 - Tested unsuccessfully
avatar idefax
idefax - comment - 19 Oct 2019

I have tested this item 🔴 unsuccessfully on a921c44

Works not for me as well:

The file marked for modification does not exist: administrator/components/com_admin/Model/ProfileModel.php

PHP Version 7.3.8
Web Server Apache
WebServer to PHP Interface cgi-fcgi
Joomla! Version Joomla! 4.0.0-beta1-dev Development [ Amani ] 17-October-2019 20:21 GMT
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23357.

avatar brianteeman
brianteeman - comment - 19 Oct 2019

This really should be closed do people don't waste their time

avatar Quy Quy - close - 19 Oct 2019
avatar Quy Quy - change - 19 Oct 2019
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2019-10-19 13:53:38
Closed_By Quy
avatar joomla-cms-bot joomla-cms-bot - change - 19 Oct 2019
Category Administration com_users com_admin Front End Libraries Administration com_admin com_users Language & Strings Front End Libraries
avatar joomleb
joomleb - comment - 2 Jan 2024

Hi guys,
PHP 8.1.x + Joomla 5.x.

I understand what @dgrammatiko wrote 5 years ago about to don't create another setting, but, from my point of view this is a good case to add an option to use / not use the Password2 confirmation field on both, the Registration page and the Profile Edit.

It is time to reconsider this PR, In the last 5 years a lot of things have changed:

  • the internet Registration processes moved to be simpler day by day to engage users registrations
  • for security Joomla implemented different things like the 2factor authenticator etc.
  • now is "normal" to tell Google (or other providers) to save and remember the passwords

I would add to the reasons written above into the previous users messages:

  • in Joomla you can set to send a "Welcome" email with user's password, so why ask user to enter password twice during the registration ?
  • If you wrong something during the Edit Profile you can always go through the "I forgot password" process
  • If the Password2 is a must where is the Email2 confirmation field ? The absence of Email2 is the proof that Password2 is no longer necessary and, at least, there should be the option to no longer use it...
  • If the config option is too much, it would be better to don't have anymore the Password2 by default. It is really simpler to manually add it where we want it than to delete it to all the views...

Do you agree?

Add a Comment

Login with GitHub to post a comment