feat: prevent forced password reset for passwordless users

Signed-off-by: miguel456 <me@nogueira.codes>
Miguel Nogueira 2022-10-21 07:47:03 +01:00
parent c6bc4da41c
commit cfdc0eb37b
No known key found for this signature in database
GPG Key ID: 3C6A7E29AF26D370
2 changed files with 41 additions and 26 deletions


@ -358,6 +358,8 @@ class UserController extends Controller
public function forcePasswordReset(User $user) { public function forcePasswordReset(User $user) {
$this->authorize('adminEdit', $user); $this->authorize('adminEdit', $user);
if (!$user->hasPassword()) {
$user->notify(new PasswordAdminResetNotification()); $user->notify(new PasswordAdminResetNotification());
$user->password = null; $user->password = null;
@ -371,7 +373,12 @@ class UserController extends Controller
return redirect() return redirect()
->back() ->back()
->with('success', 'Account password removed.'); ->with('success', __('Account password removed.'));
}
return redirect()
->back()
->with('error', __('This user doesn\'t have a password to reset.'));
} }
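Review bot: The guard added at `if (!$user->hasPassword()) {` looks inverted: as written, the notify-and-clear branch runs only for accounts that have no password, and every account that does have one falls through to the "This user doesn't have a password to reset." error. The Blade template in this same commit shows the reset modal under `@if($user->hasPassword())`, so the controller presumably wants `if ($user->hasPassword()) {`. This server-side check is what actually enforces the rule (the disabled button in the view is only presentation), so the inversion would block a forced reset on exactly the accounts that can need one. The body of forcePasswordReset between the two hunks is not shown, so confirm nothing there compensates.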


@ -43,6 +43,7 @@
@endif @endif
@if($user->hasPassword())
<x-modal id="resetAccountPasswordModal" modal-label="resetAccountPassword" modal-title="{{ __('Verify your identity') }}" include-close-button="true"> <x-modal id="resetAccountPasswordModal" modal-label="resetAccountPassword" modal-title="{{ __('Verify your identity') }}" include-close-button="true">
<p>{{ __('Forcing a password reset will automatically notify the account holder and send them a password reset link. Please confirm this action by verifying your identity below.') }}</p> <p>{{ __('Forcing a password reset will automatically notify the account holder and send them a password reset link. Please confirm this action by verifying your identity below.') }}</p>
@ -66,6 +67,7 @@
</x-slot> </x-slot>
</x-modal> </x-modal>
@endif
<x-modal id="banAccountModal" modal-label="banAccount" modal-title="{{__('Please confirm')}}" include-close-button="true"> <x-modal id="banAccountModal" modal-label="banAccount" modal-title="{{__('Please confirm')}}" include-close-button="true">
@ -423,7 +425,13 @@
<button type="submit" class="btn btn-success mr-2"><i class="fas fa-user"></i> {{ __('Unsuspend account') }}</button> <button type="submit" class="btn btn-success mr-2"><i class="fas fa-user"></i> {{ __('Unsuspend account') }}</button>
</form> </form>
@endif @endif
@if($user->hasPassword())
<button onclick="$('#resetAccountPasswordModal').modal('show')" class="btn-danger btn mr-3" type="button"><i class="fas fa-key"></i> {{ __('Force password reset') }}</button> <button onclick="$('#resetAccountPasswordModal').modal('show')" class="btn-danger btn mr-3" type="button"><i class="fas fa-key"></i> {{ __('Force password reset') }}</button>
@else
<button disabled class="btn-danger btn mr-3" type="button"><i class="fas fa-key"></i> {{ __('Force password reset') }}</button>
@endif
@if($user->has2FA()) @if($user->has2FA())
<button onclick="$('#resetTwoFactorModal').modal('show')" class="btn-danger btn mr-3" type="button"><i class="fas fa-unlock"></i> {{ __('Reset MFA') }}</button> <button onclick="$('#resetTwoFactorModal').modal('show')" class="btn-danger btn mr-3" type="button"><i class="fas fa-unlock"></i> {{ __('Reset MFA') }}</button>
@endif @endif
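Review bot: The `@else` branch renders a second, disabled copy of the "Force password reset" button with no indication of why it is unavailable. Adding a tooltip such as `title="{{ __('This account has no password set.') }}"` would keep an admin from mistaking it for a permissions problem. The surrounding template continues outside the hunk.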