Users with "Virtual YMCA" role see "Access Denied" on password reset attempt

Question

Users with "Virtual YMCA" role see "Access Denied" on password reset attempt

Closed this issue 3 years ago · 6 comments

To reproduce:

Create a new user
Add any of the member roles: "Virtual YMCA", "Virtual YMCA Trial", or "Virtual YMCA Premium"
Visit /user/password and attempt a password reset with the email of the new account.

When a user with a member role attempts to reset their password via /user/password they are met with 403 Access Denied. That could be confusing and does not give a path forward if the user unintentionally gets there.

Proposed Resolution:
Either create a custom 403 for those Roles or add some boilerplate help text to the 403 page.

Answer 1 · 2021-01-12T16:17:12.000Z

I think this was fixed in fivejars#218

@froboy please review

Answer 2 · 2021-01-18T16:32:42.000Z

@froboy per @hamrant comment above, can you review the issue and determine if this has been fixed? If so, please close this item.

Answer 3 · 2021-01-18T17:19:07.000Z

This was postponed from release by @anpolimus. PR with fix ready for testing and review

Answer 4 · 2021-01-19T21:34:15.000Z

I'll wait until that PR is merged. I tested https://sandbox-carnation-std-virtual-y.openy.org/user/login and I'm seeing a message, but it's only after the user goes back and reloads the form. See the attached video.

openy_gated_content_issue_65.mp4

Also, the error message could use some review:

You're not allowing to reset password for user with Virtual Y role.

could be

If you are a Virtual YMCA member, please return to the home page to log in. Contact your branch for login help.

Answer 5 · 2021-02-08T19:43:25.000Z

@hamrant just confirming that this item is complete and ready to be closed?

Answer 6 · 2021-02-09T10:05:29.000Z

@sarah-halby yep, the fix was merged 4 days ago