opengist icon indicating copy to clipboard operation
opengist copied to clipboard
verified publisher icon thomiceli

Password change shown in settings with only OIDC is enabled

Open vwbusguy opened this issue 1 year ago • 0 comments

When the login form is disabled (ie, OIDC-only logins are forced), the user is still presented with password change options. This can be extra confusing for the user since there is an option to unlink an OIDC on the page, so the user would rightfully assume that unlinking OIDC and setting the password would allow them to authenticate with that password. I suggest that the password change fields not be shown when the logins are set to only OIDC.

User Settings page when login form is disabled/OIDC-only logins are set: image

Login form disabled in Admin: image

It should be straightforward to hide these by wrapping the change password on the settings page template in {{ if not .disableForm }}.

vwbusguy avatar Aug 02 '24 22:08 vwbusguy