Go to Backend > Customers > Manage Customers. Edit an existing customer then click on the Account Information tab. Let's change the password.
When you start to fill in the new password a warning is displayed. See the screenshot below.
Fill in the Current Admin Password and click the [Save and Continue Edit] button. The customer receives the message below.
ISSUE
As can be seen from the warning message, the password is sent in plaintext format, but the customer does not receive it.
Here we have three variants to solve this issue
1. We send the password. For doing this, we have to change the email sent to the customer and ask him to reset the password immediately, because it was sent in plaintext format and it is not safe.
2. We do not send the password. We have to change the email sent to the customer and inform him that if the password was not set up by phone it will be communicated soon. This means that the administrator will contact him later by email or phone.
3. We give up setting the password by the administrator. We let only the implementation from PR #3262. The administrator will have the option to send the password reset link to the customer, nothing more. Below is how the implementation would look
Any feedback is welcome.
If the ability for the administrator to change the password of a customer account is removed, then the option from Backend > System > Configuration > Customer Configuration tab > Password Options section > "Require admin user to change user password" must also be removed.
... or the functionality can be extended as follows. If "Require admin user to change user password" is set to "Yes" then the above behavior must be fixed. If it is set to "No", then the row with the password must be removed from the table.