From 38c961209ef880fff45a40470390d8dc8771c516 Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Fri, 8 Sep 2017 13:48:32 +1000
Subject: [PATCH] Ensure the user's administratively reset password doesn't get
 re-shown in the UI - that was based on an actual password reset

---
 src/Umbraco.Web/Editors/PasswordChanger.cs |  4 ++--
 src/Umbraco.Web/Editors/UsersController.cs | 12 ++----------
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/src/Umbraco.Web/Editors/PasswordChanger.cs b/src/Umbraco.Web/Editors/PasswordChanger.cs
index a6edd1bdd0..88e92c0ad2 100644
--- a/src/Umbraco.Web/Editors/PasswordChanger.cs
+++ b/src/Umbraco.Web/Editors/PasswordChanger.cs
@@ -98,8 +98,8 @@ namespace Umbraco.Web.Editors
                     _logger.Warn<PasswordChanger>(string.Format("Could not reset user password {0}", errors));
                     return Attempt.Fail(new PasswordChangedModel { ChangeError = new ValidationResult("Could not reset password, errors: " + errors, new[] { "resetPassword" }) });
                 }
-
-                return Attempt.Succeed(new PasswordChangedModel { ResetPassword = newPass });
+                
+                return Attempt.Succeed(new PasswordChangedModel());
             }
 
             //we're not resetting it so we need to try to change it.
diff --git a/src/Umbraco.Web/Editors/UsersController.cs b/src/Umbraco.Web/Editors/UsersController.cs
index b3ea8b1f1d..63484d1cec 100644
--- a/src/Umbraco.Web/Editors/UsersController.cs
+++ b/src/Umbraco.Web/Editors/UsersController.cs
@@ -553,8 +553,7 @@ namespace Umbraco.Web.Editors
             {
                 userSave.Username = userSave.Email;
             }
-
-            var resetPasswordValue = string.Empty;
+            
             if (userSave.ChangePassword != null)
             {
                 var passwordChanger = new PasswordChanger(Logger, Services.UserService);
@@ -562,9 +561,6 @@ namespace Umbraco.Web.Editors
                 var passwordChangeResult = await passwordChanger.ChangePasswordWithIdentityAsync(Security.CurrentUser, found, userSave.ChangePassword, UserManager);
                 if (passwordChangeResult.Success)
                 {
-                    //depending on how the provider is configured, the password may be reset so let's store that for later
-                    resetPasswordValue = passwordChangeResult.Result.ResetPassword;
-
                     //need to re-get the user 
                     found = Services.UserService.GetUserById(intId.Result);
                 }
@@ -588,11 +584,7 @@ namespace Umbraco.Web.Editors
             Services.UserService.Save(user);
 
             var display = Mapper.Map<UserDisplay>(user);
-
-            //re-map the password reset value (if any)
-            if (resetPasswordValue.IsNullOrWhiteSpace() == false)
-                display.ResetPasswordValue = resetPasswordValue;
-
+            
             display.AddSuccessNotification(Services.TextService.Localize("speechBubbles/operationSavedHeader"), Services.TextService.Localize("speechBubbles/editUserSaved"));
             return display;
         }