mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-19 12:00:55 +01:00
Allow passwords to be edited even if account.editable
is false
Summary: Fixes T5900. We have some very old code here which does not let you update your password if the `account.editable` flag is set. This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense. Instead, always allow users to change passwords if the install has a password provider configured. Test Plan: - Set `account.editable` to false. - Used a password reset link. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5900 Differential Revision: https://secure.phabricator.com/D10331
This commit is contained in:
parent
05eb77c0a7
commit
4a566f9e5d
2 changed files with 3 additions and 10 deletions
|
@ -120,7 +120,7 @@ final class PhabricatorAuthOneTimeLoginController
|
||||||
$next = '/';
|
$next = '/';
|
||||||
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
|
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
|
||||||
$next = '/settings/panel/external/';
|
$next = '/settings/panel/external/';
|
||||||
} else if (PhabricatorEnv::getEnvConfig('account.editable')) {
|
} else {
|
||||||
|
|
||||||
// We're going to let the user reset their password without knowing
|
// We're going to let the user reset their password without knowing
|
||||||
// the old one. Generate a one-time token for that.
|
// the old one. Generate a one-time token for that.
|
||||||
|
|
|
@ -16,15 +16,8 @@ final class PhabricatorSettingsPanelPassword
|
||||||
}
|
}
|
||||||
|
|
||||||
public function isEnabled() {
|
public function isEnabled() {
|
||||||
// There's no sense in showing a change password panel if the user
|
// There's no sense in showing a change password panel if this install
|
||||||
// can't change their password...
|
// doesn't support password authentication.
|
||||||
|
|
||||||
if (!PhabricatorEnv::getEnvConfig('account.editable')) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// ...or this install doesn't support password authentication at all.
|
|
||||||
|
|
||||||
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
|
if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue