Silverstripe Version: 4.1
Having a hard time making any sense of this. I click the forgotten password link on the /admin page, enter my email address and I get sent a link to /Security/changepassword?m=
Sweet.
The problem is with the change password screen. Sometimes this works as expected and loads the page.
Other times it will redirect me back to the login page with a non-sensical message: “You must be logged in in order to change your password!”
Ignoring the poor English, If I could login - I wouldn’t been changing it through the forgotten password functionality!
Reading the code in ChangePasswordHandler::changepassword() I see where this happens. Seems like a bug I get this far though. I assume there’s been a problem with the auto login hash. Shouldn’t that be the message relayed in this case?