stable

request #12219: Reset password links are not invalidated on password change

Reset tokens and sessions are now invalidated when the password of an account is changed. This limits the persistence of access in case of a compromise.

Change-Id: Ibf94d4b1e269f2775524975de63417f34e2db2d6

Modified Files

Name
M src/common/autoload.php +4 −2
M src/common/dao/SessionDao.class.php +10 −1
A src/common/user/Password/Change/PasswordChangeException.php +25 −0
A src/common/user/Password/Change/PasswordChanger.php +65 −0
M src/common/user/SessionManager.php +12 −1
M src/www/account/change_pw.php +15 −7
M src/www/admin/usergroup.php +12 −6
A tests/phpunit/common/User/Change/PasswordChangerTest.php +83 −0