Subject: | With AutoCreateNonExternalUsers=1, it is no longer possible to set password with 3.8.8 |
RT 3.8.8 introduces checks for current password when setting users
passwords. If RT-Authen-ExternalAuth is enabled and
AutoCreateNonExternalUsers too, we cannot set internal password for a
non external user as CurrentUserRequireToSetPassword doesn't handle this
case.
So there is a need to override User::CurrentUserRequireToSetPassword so
the password fields are displayed in this case. It is also needed to
override User::IsPassword so it can check the current password against
the external source before fallback to RT db check.