From cfdc0eb37b122f5c14a3b31a48d5ea38023cd24d Mon Sep 17 00:00:00 2001 From: miguel456 Date: Fri, 21 Oct 2022 07:47:03 +0100 Subject: [PATCH] feat: prevent forced password reset for passwordless users Signed-off-by: miguel456 --- app/Http/Controllers/UserController.php | 23 ++++++---- .../views/dashboard/user/manage.blade.php | 44 +++++++++++-------- 2 files changed, 41 insertions(+), 26 deletions(-) diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index a6a1394..3944609 100755 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -358,20 +358,27 @@ class UserController extends Controller public function forcePasswordReset(User $user) { $this->authorize('adminEdit', $user); - $user->notify(new PasswordAdminResetNotification()); - $user->password = null; - $user->save(); + if (!$user->hasPassword()) { + $user->notify(new PasswordAdminResetNotification()); + + $user->password = null; + $user->save(); - Log::alert("Removed account password", [ - 'target' => $user, - 'actor' => Auth::user() - ]); + Log::alert("Removed account password", [ + 'target' => $user, + 'actor' => Auth::user() + ]); + + return redirect() + ->back() + ->with('success', __('Account password removed.')); + } return redirect() ->back() - ->with('success', 'Account password removed.'); + ->with('error', __('This user doesn\'t have a password to reset.')); } diff --git a/resources/views/dashboard/user/manage.blade.php b/resources/views/dashboard/user/manage.blade.php index 8c3879b..1313efe 100755 --- a/resources/views/dashboard/user/manage.blade.php +++ b/resources/views/dashboard/user/manage.blade.php @@ -43,29 +43,31 @@ @endif - + @if($user->hasPassword()) + -
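Review bot: The guard added at the top of forcePasswordReset is inverted: `if (!$user->hasPassword())` performs the reset (nulling the password and sending PasswordAdminResetNotification) precisely for the passwordless users the commit title says it should protect, while users who do have a password now get the 'error' flash instead. The manage.blade.php hunk in this same patch only renders the control when `$user->hasPassword()`, which is the direction the controller should check as well; the branch should read `if ($user->hasPassword()) {` so that the `'error'` redirect after the block covers the passwordless case as intended. Because the view now hides the control for passwordless users, this controller check is the only server-side enforcement of the rule for a request that bypasses the UI, so the inverted condition leaves the intended protection absent rather than merely cosmetic. hasPassword() is not defined anywhere in this diff; I am assuming it returns true when a password hash is stored, which is also what the template usage implies.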

{{ __('Forcing a password reset will automatically notify the account holder and send them a password reset link. Please confirm this action by verifying your identity below.') }}

+

{{ __('Forcing a password reset will automatically notify the account holder and send them a password reset link. Please confirm this action by verifying your identity below.') }}

-
- @csrf - @method('patch') + + @csrf + @method('patch') - - {{ __('Re-entering your password is required to confirm sensitive administration actions.') }} - + + {{ __('Re-entering your password is required to confirm sensitive administration actions.') }} + - - {{ __('Two-factor authentication is required to confirm sensitive administration actions.') }} - + + {{ __('Two-factor authentication is required to confirm sensitive administration actions.') }} + -
+ - - - + + + -
+
+ @endif @@ -413,7 +415,7 @@ @endif - @if (!$isSuspended) + @if (!$isSuspended) @else
@@ -423,7 +425,13 @@
@endif - + + @if($user->hasPassword()) + + @else + + @endif + @if($user->has2FA()) @endif