Affects Version/s: 7.0.X, 7.1.X, Master
Component/s: Application Security > Password Policies
Steps to reproduce
- Create a public user (e.g user1)
- Create a new password policy as the following settings
- Assign user1 to test policy
- Change User_.passwordModifiedDate in the database to 1 month ago to simulate the password expiration
- Navigate to Control Panel > Configuration > Server Administration
- Clear the database cache
- Log in as user1
- Note that login is successful due to the grace limit set to 1
- Note that a warning message "Your password is expired. You have 0 grace login(s) remaining." is displayed
- Go to My Account and change the password
The user can change their password normally.
"Your request failed to complete." is displayed and the user can not change their password.