feat: prevent forced password reset for passwordless users

Signed-off-by: miguel456 <me@nogueira.codes>
2022-10-21 07:47:03 +01:00
parent c6bc4da41c
commit cfdc0eb37b
2 changed files with 41 additions and 26 deletions


@@ -358,20 +358,27 @@ class UserController extends Controller
public function forcePasswordReset(User $user) {
$this->authorize('adminEdit', $user);
$user->notify(new PasswordAdminResetNotification());
$user->password = null;
$user->save();
if (!$user->hasPassword()) {
$user->notify(new PasswordAdminResetNotification());
$user->password = null;
$user->save();
Log::alert("Removed account password", [
'target' => $user,
'actor' => Auth::user()
]);
Log::alert("Removed account password", [
'target' => $user,
'actor' => Auth::user()
]);
return redirect()
->back()
->with('success', __('Account password removed.'));
}
return redirect()
->back()
->with('success', 'Account password removed.');
->with('error', __('This user doesn\'t have a password to reset.'));
}
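Review bot: The new guard `if (!$user->hasPassword()) {` looks inverted. As written, the notification, `$user->password = null` and the "Removed account password" log run only when the user has no password, and an account that does have one falls through to the "This user doesn't have a password to reset." error. `hasPassword()` is defined outside this hunk, so confirm its meaning, but if it returns true when a password is set the line should read `if ($user->hasPassword()) {`. Otherwise an administrator can no longer force a reset on exactly the accounts that need it, for example after a suspected compromise. Separately, `'target' => $user` and `'actor' => Auth::user()` put whole model objects into the alert log context; depending on how the logger serialises them this may write more account data than intended, so logging the keys (e.g. `'target' => $user->getKey()`) would be safer.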