I haven’t confirmed it, but it sure looks like a bug. This is Koa, right? Would it be too much to ask for you to confirm that it’s still an issue in Lilac? If it is, the best place for you to open a bug would be in the build-test-release working group’s issue board.
(The reason I ask for Lilac confirmation is that the community-run group only supports the latest release - Koa is now unsupported.)
The branding-theming-sandbox also adds these for the edx-simple-theme:
SIMPLETHEME_SASS_OVERRIDES: [ /* snip: lots of things */]
SIMPLETHEME_STATIC_FILES_URLS: [ /* snip: few of these too */]
Unfortunately the new MFEs aren’t themable with comprehensive themes, you have to replace the whole package to change anything. But since this appears to be something we need to fix, then it would be better to fix it upstream than for you to have to maintain a custom fix.
It definitely sounds like a bug, but I’m curious as to why we’re not seeing it too. Can you provide some more details about your installation process?
native or Tutor? (You said native, so just confirming.)
any non-sensitive ansible variables that you can share
The first way is through html forms, in which case /reset works also for me
The second way is when you want to access direct link www.yourdomain/reset. I got to this link only when I entered my password wrong too many times. Most users don’t face this issue as long as they know their password to edX
That /reset link works fine for me if I click on it from the /login page, but only in that browser session. It 404s for me if I open it in a new window, and will probably break for you too if you click on these links: master /reset, lilac.master /reset and koa.3 /reset
My guess is, edx.org solved this by registering the /reset URL on the server side too, so that authn.edx.org/reset is also directed to the MFE. But by default, only /login and /register are known on the server side, as you found by changing user_authn/views/login.py.
To fix this in master, the change needs to be made in a slightly different place: user_authn/urls.py, and we should support both /reset and /password_assistance.
Would you like to submit a PR to get this fixed for master, and then we can pull it into lilac?