stable

request #6154 - Cannot change password upon expiration

Behaviour change:
- Before this commit, user was not authenticated (session/Cookie) when they were changing their password
- Now, the session is open but we ensure that they don't access something else than the password change page (change_pw) until they actually change the F%*! password.

Security plus:
* The password changing form is CSRF checked
* The login screen is brute force protected (it was not the case of change_pw)

Change-Id: I3d553633b53d46d906c322dfe2e912129df2a9d5

Conflicts:
    src/common/autoload.php

Modified Files

Name
M site-content/en_US/include/include.tab +1 −0
M site-content/fr_FR/include/include.tab +1 −0
M src/common/REST/TokenAuthentication.class.php +6 −2
M src/common/Token/REST/v1/TokenResource.class.php +3 −1
M src/common/autoload.php +3 −2
M src/common/include/URLVerification.class.php +18 −2
M src/common/user/LoginManager.class.php +11 −37
A src/common/user/PasswordExpirationChecker.class.php +72 −0
M src/common/user/UserManager.class.php +6 −18
M tests/simpletest/common/user/LoginManagerTest.php +13 −46
A tests/simpletest/common/user/PasswordExpirationCheckerTest.php +45 −0