Reset password still valid after first login
|Reported by:||rinon||Owned by:||Steffen Hoffmann|
|Severity:||normal||Keywords:||needinfo password reset|
|Cc:||Ryan J Ollos||Trac Release:||0.12|
After a user (or admin on behalf of the user) resets their password, logs in with their temporary password and is forced to change their password, the user is still able to log in later with that temporary password. Shouldn't AccountManager clear out any password_reset attributes on password change?