User tests: Successful: Unsuccessful:
Pull Request for Issue #17825 .
new method 'onUserBeforeSave'
deletes all #__user_keys database records for current user, if he changed his password (and this option is activated in the plugin configuration.
Website should not allow you to login without providing new password
staging...schultz-it-solutions:patch-1 (Plugin XML definition)
staging...schultz-it-solutions:patch-3 (Language File)
staging...schultz-it-solutions:patch-4 (Language File)
Category | ⇒ | Front End Plugins |
Status | New | ⇒ | Pending |
please add your other changes to this pr. you can do that by going to this branch in your fork and editing the files there. they will then be added automatically to this pull request
Labels |
Added:
?
|
Category | Front End Plugins | ⇒ | Administration Language & Strings Front End Plugins |
Labels |
Added:
?
|
Please follow XML coding style:
https://developer.joomla.org/coding-standards/xml.html
Do we really need an option for that? I would just go without it.
If you really want that parameter, the default values in code and in XML will have to match to prevent unexpected behavior.
Another thing to consider: You put the code into the "System - Remember" plugin, but that is actually just a proxy plugin so the real "Authentication - Cookie" plugin can do its work. So this code should go into that authentication plugin instead.
If we aren't importing authentication plugins in the MVC for CRUD actions then this is the right plugin.
How about we import the authentication plugins instead? I'd say that should be easy and could be useful for other authentication plugins as well. I don't think it's a good idea to spread the logic of the cookie plugin (again) over multiple ones. If we can, it should be kept within the cookie one.
The authentication plugins shouldn't be handling CRUD actions (since some people seem to be overly concerned about what tasks specific plugin groups actually listen to, apparently we should have a "User - Remember Me" plugin for this task if you buy into their thinking
The authentication plugins in general aren't treated the same as every other plugin group, there are actually only two places in core where they are actually loaded as "real" plugins otherwise the Authentication class pulls the plugin objects out of the dispatcher and direct calls the methods (so not using the event system). I would be hesitant to add more plugin based functionality to this plugin group since it is not treated as a correct plugin group (if we want to use it as a real plugin group the authentication system needs to be refactored to use proper events and not the crap logic it has now).
As far as where the code is, things are fine right now.
On the "user message": I may be "over sensible" in this respect, because of the underlying story why this pr exists...
If you think this user message is "clutter", I am not oposing this!
Do you guys think we need that option? Is there a reason you do not want to reset the cookies after a password change? Imho that "feature" should always be enabled. I don't see why someone would want to disable it. So the option could be removed to make the code simpler.
Agreed. Why would you want to enable a bad option
Do you guys think we need that option? Is there a reason you do not want to reset the cookies after a password change? Imho that "feature" should always be enabled. I don't see why someone would want to disable it. So the option could be removed to make the code simpler.
I was reading this from top, and was going to write that an option should not be added,
this behaviour should not be possible to disable !
Category | Front End Plugins Administration Language & Strings | ⇒ | Language & Strings Front End Plugins |
Category | Front End Plugins Language & Strings | ⇒ | Front End Plugins |
is there anything left to be done before this PR gets merged back?
@schultz-it-solutions at least it needs 2 successfully Tests.
Labels |
Removed:
?
|
I have tested this item
I have tested this item
Status | Pending | ⇒ | Ready to Commit |
Ready to Commit after two successful tests.
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-02-07 00:49:52 |
Closed_By | ⇒ | zero-24 | |
Labels |
Added:
?
|
Merged thanks!
The code has some code styling issues: