a trace of the logical flow involved to reset a password

• portal_skins/plone_prefs/password_form pt called initially
• Change password action directs to ->

    portal_skins/plone_form_scripts/plone_change_password

• This form then verifies that the old password was correct,

    and that the new password and confirm password match

• If all is well, then it calls the membership tool's setPassword method
• this ends up triggering the setPassword method under
• Products.CMFPlone.MembershipTool, which the other membership tools inherit from
• This setPassword method eventually calls acl_users._doChangeUser
• The _doChangeUser turns out to be monkeypatched in PlonePAS (pas.py)
• The _doChangeUser there delegates to the PlonePAS userSetPassword function
• Now the doChangeUser method is called on all plugins

    that implement IUserManagement

• Membrane implements this interface, in the plugins/usermanager.py file
• This is where the change was made to add another interface

    (IMembraneUserChanger) to separate out the management responsibilities
    from the password changing reponsibilities. Asking a member to add/del
    himself and change his password are tasks that don't seem to go well
    together.

• It now gets the IMembraneUserChanger implementations, and calls that to

    change the password.

• An additional interface was also provided, IUserChanger. This interface has

    a setPassword method. An adapter was also provided to adapt from a
    IUserChanger -> IMembraneUserChanger. This allows membrane
    implementations to implement IUserChanger to support the ability to
    set passwords.

These changes were made in r31384 in Membrane and r31385 in Remember.