feat: prevent forced password reset for passwordless users

Signed-off-by: miguel456 <me@nogueira.codes>
2022-10-21 07:47:03 +01:00 · 2022-10-21 07:47:03 +01:00 · cfdc0eb37b
commit cfdc0eb37b
parent c6bc4da41c
2 changed files with 41 additions and 26 deletions
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@ -358,6 +358,8 @@ class UserController extends Controller
    public function forcePasswordReset(User $user) {

        $this->authorize('adminEdit', $user);
+
+        if (!$user->hasPassword()) {
            $user->notify(new PasswordAdminResetNotification());

            $user->password = null;
@ -371,7 +373,12 @@ class UserController extends Controller

            return redirect()
                ->back()
-            ->with('success', 'Account password removed.');
+                ->with('success', __('Account password removed.'));
+        }
+
+        return redirect()
+            ->back()
+            ->with('error', __('This user doesn\'t have a password to reset.'));
    }


--- a/resources/views/dashboard/user/manage.blade.php
+++ b/resources/views/dashboard/user/manage.blade.php
@ -43,6 +43,7 @@

    @endif

+    @if($user->hasPassword())
        <x-modal id="resetAccountPasswordModal" modal-label="resetAccountPassword" modal-title="{{ __('Verify your identity') }}" include-close-button="true">

            <p>{{ __('Forcing a password reset will automatically notify the account holder and send them a password reset link. Please confirm this action by verifying your identity below.') }}</p>
@ -66,6 +67,7 @@
            </x-slot>

        </x-modal>
+    @endif

    <x-modal id="banAccountModal" modal-label="banAccount" modal-title="{{__('Please confirm')}}" include-close-button="true">

@ -423,7 +425,13 @@
                                <button type="submit" class="btn btn-success mr-2"><i class="fas fa-user"></i> {{ __('Unsuspend account') }}</button>
                            </form>
                        @endif
+
+                        @if($user->hasPassword())
                            <button onclick="$('#resetAccountPasswordModal').modal('show')" class="btn-danger btn mr-3" type="button"><i class="fas fa-key"></i> {{ __('Force password reset') }}</button>
+                        @else
+                            <button disabled class="btn-danger btn mr-3" type="button"><i class="fas fa-key"></i> {{ __('Force password reset') }}</button>
+                        @endif
+
                        @if($user->has2FA())
                            <button onclick="$('#resetTwoFactorModal').modal('show')" class="btn-danger btn mr-3" type="button"><i class="fas fa-unlock"></i> {{ __('Reset MFA') }}</button>
                        @endif