request #6154 - Cannot change password upon expiration
Behaviour change:
- Before this commit, user was not authenticated (session/Cookie) when they were changing their password
- Now, the session is open but we ensure that they don't access something else than the password change page (change_pw) until they actually change the F%*! password.

Security plus:
* The password changing form is CSRF checked
* The login screen is brute force protected (it was not the case of change_pw)

Change-Id: I3d553633b53d46d906c322dfe2e912129df2a9d5
Modified Files
Status | Name | Added | Removed |
---|---|---|---|
M | site-content/en_US/include/include.tab | +1 | −0 |
M | site-content/fr_FR/include/include.tab | +1 | −0 |
M | src/common/REST/TokenAuthentication.class.php | +6 | −2 |
M | src/common/Token/REST/v1/TokenResource.class.php | +3 | −1 |
M | src/common/autoload.php | +3 | −2 |
M | src/common/include/URLVerification.class.php | +18 | −2 |
M | src/common/user/LoginManager.class.php | +11 | −37 |
A | src/common/user/PasswordExpirationChecker.class.php | +72 | −0 |
M | src/common/user/UserManager.class.php | +6 | −18 |
M | tests/simpletest/common/user/LoginManagerTest.php | +13 | −46 |
A | tests/simpletest/common/user/PasswordExpirationCheckerTest.php | +45 | −0 |