Taking a stroll through my user table today I see that everyone has a pw hash set, even those who've logged in via a connector plugin like google/fb/twitter/etc.
Sometimes the hashmethod is NULL, sometimes Random... sometimes Vanilla.
I'm assuming that Vanilla hash methods are native forum logins.
Do you think it would be possible then to key off of this difference and change the behavior of the 'change password' action in the user profile to either be 'set password' or not require the old password if the user has used a plugin to log into the forum?
I assume you would just check for HashMethod != 'Vanilla'...
Would you welcome a patch for this for .18 gold? I'm trying to figure out a good user auth story for my app integration to my forum and this looks like it might do fine as long as users can go set a password if they don't already have one.
The current workaround means they will have to request a pw reset, which kinda makes the instructions a bit more complicated than they should be.