I have an Auth login class that extends Auth_Login_Simpleauth. Recently I had an issue where my app was telling users that their password is wrong. I looked into it, and I found that it didn't matter if the user's current password was correct or not, they would always get the "Your current password was incorrect" error, even if the password was updated successfully.
After much digging, I found that the issue is in my Auth_Login class. Specifically, the update_user() method is causing troubles.
If I have this code in my login class, I *always* get the "your password was wrong" error.
public function update_user($values, $username = null)
I need to extend the update_user() method, but whenever I try to, it breaks the password reset message because it seems to invoke the parent method TWICE (I had to do a lot of logging to figure that out). The first one succeeds, but the second one fails (because the new password hash obviously doesn't match the old password hash). Is there a particular reason for this double invoke? If I don't call parent::update_user($values, $username), then nothing gets updated, because the parent gets invoked zero times.
I've extended create_user and delete_user by invoking the parent method and then adding logic with no issues. Can I not do that with update_user method?
My own troubleshooting is what was causing the parent method to be called twice. Looking at the git diff, I think the initial issue was that my update_user method was not returning TRUE. However, in the process of debugging, I mistakenly invoked the update_user method a second time, so even though I was now returning TRUE, I created another bug while debugging. Bugger.