Password reset prompt for expired password fails

[dsajdak]

When a user's password is expired, they're prompted to change it.

However, when attempting to do so they receive an error: "something bad happened. Please contact site admin"

The logs show either: "Failed to change expired password for user" err="password does not conform to policy" but it does.

or: "Failed to change expired password for user" err="invalid current password" However the user was just authenticated using these credentials which initiated the password change process.

[dsajdak]

Also, on further review the password is actually changed. If the user attempts to login with the new password, the authentication succeeds.