yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure the user's administratively reset password doesn't get re-shown in the UI - that was based on an actual password reset

Browse Source
This commit is contained in:
Shannon
2017-09-08 13:48:32 +10:00
parent c39e1175fd
commit 38c961209e
2 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Umbraco.Web/Editors/PasswordChanger.cs
View File

@@ -98,8 +98,8 @@ namespace Umbraco.Web.Editors
_logger.Warn<PasswordChanger>(string.Format("Could not reset user password {0}", errors));
return Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not reset password, errors: " + errors, new[] { "resetPassword" }) });
}
return Attempt.Succeed(new PasswordChangedModel { ResetPassword = newPass });
return Attempt.Succeed(new PasswordChangedModel());
}
//we're not resetting it so we need to try to change it.

12
src/Umbraco.Web/Editors/UsersController.cs
View File

@@ -553,8 +553,7 @@ namespace Umbraco.Web.Editors
{
userSave.Username = userSave.Email;
}
var resetPasswordValue = string.Empty;
if (userSave.ChangePassword != null)
{
var passwordChanger = new PasswordChanger(Logger, Services.UserService);
@@ -562,9 +561,6 @@ namespace Umbraco.Web.Editors
var passwordChangeResult = await passwordChanger.ChangePasswordWithIdentityAsync(Security.CurrentUser, found, userSave.ChangePassword, UserManager);
if (passwordChangeResult.Success)
{
//depending on how the provider is configured, the password may be reset so let's store that for later
resetPasswordValue = passwordChangeResult.Result.ResetPassword;
//need to re-get the user
found = Services.UserService.GetUserById(intId.Result);
}
@@ -588,11 +584,7 @@ namespace Umbraco.Web.Editors
Services.UserService.Save(user);
var display = Mapper.Map<UserDisplay>(user);
//re-map the password reset value (if any)
if (resetPasswordValue.IsNullOrWhiteSpace() == false)
display.ResetPasswordValue = resetPasswordValue;
display.AddSuccessNotification(Services.TextService.Localize("speechBubbles/operationSavedHeader"), Services.TextService.Localize("speechBubbles/editUserSaved"));
return display;
}