Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#2583] - [#32789] Add the ability to require a user to reset their password

? Error

User tests: Successful: Unsuccessful:

avatar mbabker
mbabker
24 Nov 2013

Overview

IMPORTANT: Please see Joomla! Tracker item 32789

In the core CMS, there is currently not a mechanism in place to allow administrators to require site users to reset their passwords. This pull request implements this mechanism.

Test instructions

To test this feature, you will need to apply the patch and perform a new install of the CMS (test upgrade packages are not available at the moment). Once installed, go to the User Manager and create additional test users. Note that when creating and editing users other than your own account, the "Require Password Reset" option is present. Also edit the user account you are logged in with and verify the "Require Password Reset" option is not present. Users flagged as requiring a password reset will have a note displayed in the list view indicating such.

Batch processing accounts for flagging to reset is also provided. In the User Manager: Users list view, select account(s) that you want to flag or unflag for reset, click the Batch button in the toolbar, and select the appropriate option.

With a user flagged as requiring their password be reset, log in with that user. The user should be directed to the profile edit view for the application. In the profile edit view, change any information but the password and save the changes, you should have a successful save event but continue to be on the profile edit view with the password reset message. Now change the user's password and save again, the password reset message is gone and the user is able to navigate the site.

Project management information

Backwards compatibility

A potential break in backwards compatibility is possible. In order to properly reset the password reset flag, the JUser object must be reset in the session when the logged in user saves a change to their profile. Current behavior is that the user object is not changed.

Developer information

A new class variable, $requireReset, is added to JUser.

Language changes

This PR adds language strings to convey all required information in all scenarios.

avatar mbabker mbabker - open - 24 Nov 2013
avatar betweenbrain
betweenbrain - comment - 24 Nov 2013

Can you please create, and post a link to, a tracker item for this. :smirk:

avatar mbabker mbabker - change - 24 Nov 2013
The description was changed
Description <h1>Overview</h1> <p><strong>IMPORTANT</strong>: Please see Joomla! Tracker item <a href="http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&amp;tracker_item_id=32789">32789</a></p> <p>In the core CMS, there is currently not a mechanism in place to allow administrators to require site users to reset their passwords. This pull request implements this mechanism.</p> <h1>Test instructions</h1> <p>To test this feature, you will need to apply the patch and perform a new install of the CMS (test upgrade packages are not available at the moment). Once installed, go to the User Manager and create additional test users. Note that when creating and editing users other than your own account, the "Require Password Reset" option is present. Also edit the user account you are logged in with and verify the "Require Password Reset" option is not present. Users flagged as requiring a password reset will have a note displayed in the list view indicating such.</p> <p>Batch processing accounts for flagging to reset is also provided. In the User Manager: Users list view, select account(s) that you want to flag or unflag for reset, click the Batch button in the toolbar, and select the appropriate option.</p> <p>With a user flagged as requiring their password be reset, log in with that user. The user should be directed to the profile edit view for the application. In the profile edit view, change any information but the password and save the changes, you should have a successful save event but continue to be on the profile edit view with the password reset message. Now change the user's password and save again, the password reset message is gone and the user is able to navigate the site.</p> <h1>Project management information</h1> <h2>Backwards compatibility</h2> <p>A potential break in backwards compatibility is possible. In order to properly reset the password reset flag, the JUser object must be reset in the session. Current behavior is that the user object is not changed.</p> <h2>Developer information</h2> <p>A new class variable, <code>$requireReset</code>, is added to <code>JUser</code>.</p> <h2>Language changes</h2> <p>This PR adds language strings to convey all required information in all scenarios.</p> <h1>Overview</h1> <p><strong>IMPORTANT</strong>: Please see Joomla! Tracker item <a href="http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&amp;tracker_item_id=32789">32789</a></p> <p>In the core CMS, there is currently not a mechanism in place to allow administrators to require site users to reset their passwords. This pull request implements this mechanism.</p> <h1>Test instructions</h1> <p>To test this feature, you will need to apply the patch and perform a new install of the CMS (test upgrade packages are not available at the moment). Once installed, go to the User Manager and create additional test users. Note that when creating and editing users other than your own account, the "Require Password Reset" option is present. Also edit the user account you are logged in with and verify the "Require Password Reset" option is not present. Users flagged as requiring a password reset will have a note displayed in the list view indicating such.</p> <p>Batch processing accounts for flagging to reset is also provided. In the User Manager: Users list view, select account(s) that you want to flag or unflag for reset, click the Batch button in the toolbar, and select the appropriate option.</p> <p>With a user flagged as requiring their password be reset, log in with that user. The user should be directed to the profile edit view for the application. In the profile edit view, change any information but the password and save the changes, you should have a successful save event but continue to be on the profile edit view with the password reset message. Now change the user's password and save again, the password reset message is gone and the user is able to navigate the site.</p> <h1>Project management information</h1> <h2>Backwards compatibility</h2> <p>A potential break in backwards compatibility is possible. In order to properly reset the password reset flag, the JUser object must be reset in the session when the logged in user saves a change to their profile. Current behavior is that the user object is not changed.</p> <h2>Developer information</h2> <p>A new class variable, <code>$requireReset</code>, is added to <code>JUser</code>.</p> <h2>Language changes</h2> <p>This PR adds language strings to convey all required information in all scenarios.</p>
Labels Added: ? ?
avatar mbabker
mbabker - comment - 17 Feb 2014

Closing, retargeting to 3.3-dev

avatar mbabker mbabker - change - 17 Feb 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-02-17 03:23:51
avatar mbabker mbabker - close - 17 Feb 2014
avatar mbabker mbabker - close - 17 Feb 2014

Add a Comment

Login with GitHub to post a comment