Fixes: U4-4172 Change password in users section not working (u7.0.3)
Signed-off-by: Shannon <sdeminick@gmail.com>
@@ -38,9 +38,12 @@ namespace umbraco.controls
|
||||
var umbProvider = Provider as MembershipProviderBase;
|
||||
if (umbProvider != null && umbProvider.AllowManuallyChangingPassword)
|
||||
{
|
||||
return false;
|
||||
_showOldPassword = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
_showOldPassword = Provider.EnablePasswordRetrieval == false;
|
||||
}
|
||||
_showOldPassword = Provider.EnablePasswordRetrieval == false;
|
||||
}
|
||||
return _showOldPassword.Value;
|
||||
}
|
||||
|
||||
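Review bot: The branch that sets `_showOldPassword = false` keys only on the provider's `AllowManuallyChangingPassword` flag, so the current-password field is hidden whoever is being edited, including a backoffice user changing their own password. Together with the `PerformChangePassword` hunk in umbraco.providers, which appears to drop the `ValidateUser(username, oldPassword)` call, that self-service path no longer re-authenticates, so an unattended or hijacked session is enough to replace the password. Consider keeping the prompt when the edited account is the current user and hiding it only when an administrator resets someone else's password; at minimum add a comment such as `// Hiding this field removes re-authentication; the caller must authorise the change itself.` The getter begins above this hunk, and the old/new side of each line is inferred because the page has lost its +/- markers.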
@@ -158,15 +158,7 @@ namespace umbraco.cms.presentation.user
|
||||
// Add password changer
|
||||
var passwordChanger = (passwordChanger) LoadControl(SystemDirectories.Umbraco + "/controls/passwordChanger.ascx");
|
||||
passwordChanger.MembershipProviderName = UmbracoSettings.DefaultBackofficeProvider;
|
||||
|
||||
//This is a hack to allow the admin to change a user's password to whatever they want - this will only work if we are using the
|
||||
// default umbraco membership provider.
|
||||
// See the notes below in the ChangePassword method.
|
||||
if (BackOfficeProvider is UsersMembershipProvider)
|
||||
{
|
||||
passwordChanger.ShowOldPassword = false;
|
||||
}
|
||||
|
||||
|
||||
//Add a custom validation message for the password changer
|
||||
var passwordValidation = new CustomValidator
|
||||
{
|
||||
@@ -425,21 +417,7 @@ namespace umbraco.cms.presentation.user
|
||||
}
|
||||
|
||||
var changePasswordModel = passwordChangerControl.ChangingPasswordModel;
|
||||
|
||||
// Is it using the default membership provider
|
||||
if (BackOfficeProvider is UsersMembershipProvider)
|
||||
{
|
||||
//This is a total hack so that an admin can change the password without knowing the previous one
|
||||
// we do this by simply passing in the already stored hashed/encrypted password in the database -
|
||||
// this shouldn't be allowed but to maintain backwards compatibility we need to do this because
|
||||
// this logic was previously allowed.
|
||||
|
||||
//For this editor, we set the passwordChanger.ShowOldPassword = false so that the old password
|
||||
// field doesn't appear because we know we are going to manually set it here.
|
||||
// We'll change the model to have the already encrypted password stored in the db and that will continue to validate.
|
||||
changePasswordModel.OldPassword = u.Password;
|
||||
}
|
||||
|
||||
|
||||
//now do the actual change
|
||||
var changePassResult = UmbracoContext.Current.Security.ChangePassword(
|
||||
membershipUser.UserName, changePasswordModel, BackOfficeProvider);
|
||||
|
||||
@@ -42,7 +42,15 @@ namespace umbraco.providers
|
||||
{
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// For backwards compatibility, this provider supports this option
|
||||
/// </summary>
|
||||
public override bool AllowManuallyChangingPassword
|
||||
{
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
public override void Initialize(string name, System.Collections.Specialized.NameValueCollection config)
|
||||
{
|
||||
if (config == null) throw new ArgumentNullException("config");
|
||||
@@ -68,35 +76,31 @@ namespace umbraco.providers
|
||||
/// </remarks>
|
||||
protected override bool PerformChangePassword(string username, string oldPassword, string newPassword)
|
||||
{
|
||||
//NOTE: due to backwards compatibilty reasons (and UX reasons), this provider doesn't care about the old password and
|
||||
// allows simply setting the password manually so we don't really care about the old password.
|
||||
// This is allowed based on the overridden AllowManuallyChangingPassword option.
|
||||
|
||||
var args = new ValidatePasswordEventArgs(username, newPassword, false);
|
||||
OnValidatingPassword(args);
|
||||
|
||||
if (ApplicationContext.Current.IsConfigured == false && oldPassword == "default"
|
||||
|| ValidateUser(username, oldPassword))
|
||||
if (args.Cancel)
|
||||
{
|
||||
var args = new ValidatePasswordEventArgs(username, newPassword, false);
|
||||
OnValidatingPassword(args);
|
||||
if (args.FailureInformation != null)
|
||||
throw args.FailureInformation;
|
||||
throw new MembershipPasswordException("Change password canceled due to password validation failure.");
|
||||
}
|
||||
|
||||
if (args.Cancel)
|
||||
{
|
||||
if (args.FailureInformation != null)
|
||||
throw args.FailureInformation;
|
||||
throw new MembershipPasswordException("Change password canceled due to password validation failure.");
|
||||
}
|
||||
var user = new User(username);
|
||||
//encrypt/hash the new one
|
||||
string salt;
|
||||
var encodedPassword = EncryptOrHashNewPassword(newPassword, out salt);
|
||||
|
||||
var user = new User(username);
|
||||
//encrypt/hash the new one
|
||||
string salt;
|
||||
var encodedPassword = EncryptOrHashNewPassword(newPassword, out salt);
|
||||
//Yes, it's true, this actually makes a db call to set the password
|
||||
user.Password = FormatPasswordForStorage(encodedPassword, salt);
|
||||
//call this just for fun.
|
||||
user.Save();
|
||||
|
||||
//Yes, it's true, this actually makes a db call to set the password
|
||||
user.Password = FormatPasswordForStorage(encodedPassword, salt);
|
||||
//call this just for fun.
|
||||
user.Save();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
return true;
|
||||
|
||||
}
|
||||
|
||||
|
||||
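Review bot: `PerformChangePassword` still accepts `oldPassword` but, per the new NOTE comment, never checks it, so the method sets the password for whatever `username` it is given and its only gate is the authorisation done by the caller, which is not visible in this hunk. The `<remarks>` block above the method (it starts outside the hunk) should state that contract, for example `/// oldPassword is ignored; callers MUST verify that the current user may change this account's password.` It would also help to record an audit entry for each change (who changed whose password), since a change made without the old password is otherwise hard to tell from a legitimate one afterwards; whether `user.Save()` already does that cannot be seen here. The `AllowManuallyChangingPassword` summary in the same section could say what the option permits rather than only that it exists for backwards compatibility.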