yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensures the reset flag is set for users when the legacy user membership provider setting allowManuallyChangingPassword is used

Browse Source
This commit is contained in:
Shannon
2019-05-10 02:00:45 +10:00
parent f952877d04
commit 35645672ae
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Umbraco.Web.UI.Client/src/views/users/user.controller.js
View File

@@ -135,7 +135,10 @@
//anytime a user is changing another user's password, we are in effect resetting it so we need to set that flag here
if (vm.user.changePassword) {
vm.user.changePassword.reset = !vm.user.changePassword.oldPassword && !vm.user.isCurrentUser;
//NOTE: the check for allowManuallyChangingPassword is due to this legacy user membership provider setting, if that is true, then the current user
//can change their own password without entering their current one (this is a legacy setting since that is a security issue but we need to maintain compat).
//if allowManuallyChangingPassword=false, then we are using default settings and the user will need to enter their old password to change their own password.
vm.user.changePassword.reset = (!vm.user.changePassword.oldPassword && !vm.user.isCurrentUser) || vm.changePasswordModel.config.allowManuallyChangingPassword;
}
vm.page.saveButtonState = "busy";