Using the developer console to force password resets
|Knowledge Article Number||000230624|
|Description||When using the Developer Console to force Password resets to a newly created users, using the command : system.setpassword(UserID; Password); It is getting redirected to the "Change Your Password" page and clicking on any textbox is allowing the user to login to the org without setting the security questions.|
|Resolution||This is Working as Designed (WAD) in salesforce. If you hit enter you are actually hitting the 'cancel' button. The "Save" button doesn't get enabled until the requirements for the page are met (value entered for current password, matching & valid new & confirm passwords and/or a value for the security answer). The password of the user has not been changed.
If you log out and then log in again, you will see the change password page. This is by design so that the user does not need to change their password/security question at that time.
Steps to Reproduce :
1. Login to your org
2. Search for manage users > click on users > click on button "New User"
3. Create the user and uncheck the below checkbox :
- Generate new password and notify user immediately
4. Click Save.
5. Open Developer console
6. Open the Excute anonymous window > Write : system.setpassword('005xx000004oVFT', 'Travel@xx34567'); i.e system.setpassword(userid,password);
7. Click Execute.
8. Logout from the org.
9. Then login to your org using the login.salesforce.com URL.
Note : If you are using the domain name then instead of login.salesforce.com hit your domain name.
10. Put the username and password. You will be redirected to the change password screen (Screenshot attached) and if you click on any textbox and click enter it will log you in.