Commit 5f800003 authored by Clément OUDOT's avatar Clément OUDOT

Add security token when forcing password reset (#1639)

parent c4004956
Pipeline #4292 passed with stages
in 10 minutes and 7 seconds
......@@ -133,12 +133,16 @@ sub authenticate {
}
# Remember password if password reset needed
$req->data->{oldpassword} = $req->data->{password}
if (
if (
$res == PE_PP_CHANGE_AFTER_RESET
or ( $res == PE_PP_PASSWORD_EXPIRED
and $self->conf->{ldapAllowResetExpiredPassword} )
);
)
{
$req->data->{oldpassword} = $self->{password};
$req->data->{noerror} = 1;
$self->setSecurity($req);
}
return $res;
}
......
......@@ -46,6 +46,7 @@ sub authenticate {
{
$req->data->{oldpassword} = $self->{password};
$req->data->{noerror} = 1;
$self->setSecurity($req);
}
return $res;
......
......@@ -11,6 +11,10 @@
</TMPL_IF>
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
<TMPL_IF NAME="TOKEN">
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
</TMPL_IF>
<TMPL_IF NAME="LOGIN">
<div class="input-group mb-3">
<input name="user" type="hidden" value="<TMPL_VAR NAME=LOGIN>" />
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment