Do not send "changed password" emails on password rehash
Do not send "changed password" emails on password rehash
With the feature flag enabled in non-production environments (including staging), when users logged in, they subsequently received emails indicating their passwords had been changed. Their passwords still worked for login, indicating that the password hadn't been changed, and prompting them to reach out to the Security team. A check of the staging database confirmed that the users' passwords were upgraded to WF 13, indicating that the email was a consequence of the change associated with the initial feature flag. Slack thread (internal) including user confusion.
This issue: fix that. (Drew suspects, and I concur, that the fix is likely to use a lower-level function to do the new password save, but the proof is in the pudding proving that in code and then adding more tests.)
- Show closed items