J4 Issue ?
avatar AnitaLund
AnitaLund
24 Apr 2019

Steps to reproduce the issue

  1. Enable the System - Privacy Consent plugin and select a specific Privacy Article.

  2. Manually create a new user and enable Require Password Reset.

  3. Log in as this new user and you should be taken to the user profile form.

  4. Try to view the Privacy Article by clicking on the Privacy Policy link in the user profile form. The modal window will show the user profile form and not the privacy article as expected.

  5. Go back to User Management, disable Require Password Reset and save. Then try again to click on the Privacy Policy link in the user profile form and the modal window will now show the Privacy Article as expected.

Expected result

The modal window opened when the Privacy Policy link in the profile form should display the selected privacy article.

Actual result

The modal window opened displays the user profile form again and not the privacy article!

System information (as much as possible)

Joomla 3.9

Additional comments

So basically it seems that the user cannot view the Privacy Article from the profile form when he/she needs to reset the password at the same time.

I assume this is a bug and not intended behaviour?

avatar AnitaLund AnitaLund - open - 24 Apr 2019
avatar joomla-cms-bot joomla-cms-bot - labeled - 24 Apr 2019
avatar franz-wohlkoenig franz-wohlkoenig - change - 24 Apr 2019
Labels Added: J3 Issue
avatar franz-wohlkoenig franz-wohlkoenig - labeled - 24 Apr 2019
avatar infograf768
infograf768 - comment - 24 Apr 2019

Bug confirmed.
Screen Shot 2019-04-24 at 16 55 21

The reinitialisation of the password is asked first in the modal which displays the whole site page.

avatar infograf768
infograf768 - comment - 24 Apr 2019
avatar mbabker
mbabker - comment - 24 Apr 2019

TBH I don't know if there's a fix for this without shoving in a new plugin event. The password reset required redirect is done inside a helper method in the application classes that is based on a whitelisted set of components, layouts, and tasks. Putting the logic in there to determine the privacy policy article doesn't fly because that is determined with plugins and for the love of all that is sane please do not put anymore hardcoded plugin references in the libraries API unless you move that code out of plugins and into a library class.

So, fixing it constitutes a new feature (a onPasswordResetRequiredRedirect event, or something adequately named), meaning work on it in 4.0.

avatar franz-wohlkoenig franz-wohlkoenig - change - 24 Apr 2019
Status New Discussion
avatar ReLater
ReLater - comment - 24 Apr 2019

Just a very nasty-hasty workaround, the basic idea and not more, that we use for two Joomla 3 sites at the moment with many new users that have to reset their password.
An override of com_users/profile/edit.php.
All I do is hiding the original label of the privacy field when requireReset is active for a user
and replacing it with a link to a static HTML page that is located on another domain.
Could be better but is sufficient for our requirements and laziness at the moment.
https://github.com/GHSVS-de/GHSVSThings/blob/master/relaterquatch/com_users-profile-edit.php#L69-L92

avatar AnitaLund
AnitaLund - comment - 25 Apr 2019

Many thanks for the replies. I understand this is not an easy fix and will work around the issue until 4.0


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24719.

avatar franz-wohlkoenig franz-wohlkoenig - change - 25 Apr 2019
Title
Viewing privacy policy from new user profile form does not work if require password reset is enabled
[4.0] Viewing privacy policy from new user profile form does not work if require password reset is enabled
avatar franz-wohlkoenig franz-wohlkoenig - change - 25 Apr 2019
Title
Viewing privacy policy from new user profile form does not work if require password reset is enabled
[4.0] Viewing privacy policy from new user profile form does not work if require password reset is enabled
avatar franz-wohlkoenig franz-wohlkoenig - edited - 25 Apr 2019
avatar franz-wohlkoenig franz-wohlkoenig - change - 25 Apr 2019
Labels Added: J4 Issue
Removed: J3 Issue
avatar franz-wohlkoenig franz-wohlkoenig - unlabeled - 25 Apr 2019
avatar franz-wohlkoenig franz-wohlkoenig - labeled - 25 Apr 2019
avatar franz-wohlkoenig
franz-wohlkoenig - comment - 25 Apr 2019

Changed Issue for J4.

avatar SharkyKZ
SharkyKZ - comment - 25 Apr 2019

Some possible workarounds for 3.x, done in the Privacy Consent plugin:

  1. Disable privacy checkbox if password reset is required. The user would have to edit the profile twice. First to reset the password and then to provide consent.

  2. Disable password reset requirement while on privacy article page. But maybe this would be a security risk,

avatar mbabker
mbabker - comment - 25 Apr 2019

Disable password reset requirement while on privacy article page. But maybe this would be a security risk

That's the bit that requires the plugin event unless you're going to hardcode the core plugin that manages that privacy policy bit into the application class, which goes against the design of com_privacy (intentionally the policy article is managed at the plugin level to not force it to be in com_content and to have not duplicated com_content's article logic into com_privacy (including all of the backend management and frontend routing and display), so if someone using K2 or EasyBlog or any other content creating component wanted to put their article in their chosen content component they just need a plugin supporting the hook) and just adds yet another hardcoded plugin reference to the core libraries.

avatar LukasHH
LukasHH - comment - 31 Jan 2020

I have the same problem, but i have today created a override for the label.php in the layout.
layouts\plugins\system\privacyconsent\label.php

This loads the content selected in the plugin, including modules, iframe, etc.

In addition, a language string "PLG_SYSTEM_PRIVACYCONSENT_READ" must be created here, which is displayed as a button at the bottom of the modal window. This can be "OK", "read", "understood" or similar.

Whether this fits with K2 or similar extensions, I can not determine, because I do not use this.

This is a screenshot with the protostar template. Joomla 3.9.15
04_Datenschutz_zustimmung_Plugin_override

I will give my override the to the https://j-over.de

Add a Comment

Login with GitHub to post a comment