Please sign in to comment.
Default behaviour is no longer to ask the user to enter their old pas…
…sword before setting their password to something else on /openid/password/ - this is a bit of a cheat to avoid having to solve a different problem, which is that if a user has just recovered their account via e-mail (because they lost their password) they should be able to reset their password without first entering the old one. I hope to support that case eventually.
- Loading branch information...