When the password reset form is displayed, it should provide a captcha if the captcha is activated in the configuration. Failing to do so will make the process fails, as the captcha values (empty in that case) are "invalid"
This is a bit painful to implement, I think it's better to deprecate the form altogether and remove it from server-reg. people that use server-full will not have the password reset form.
Could you just remove the calls to captcha from the password reset form? The reset form works fine when captcha is disabled. I'd hate to lose the form entirely.
(In reply to bugzilla from comment #2) > Could you just remove the calls to captcha from the password reset form? > The reset form works fine when captcha is disabled. I'd hate to lose the > form entirely. No I can't because the production code needs this. Can't you deactivate captachas altogether in your case instead ?
I don't actually think there's anything to be done here. I believe that you can turn off the captchas if you don't want to use them, or turn off password-reset entirely. Anyway, this isn't something we're likely to spend time on given the move away from having these pieces in server-full.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.