User tests: Successful: Unsuccessful:
This is a rebase of PR #2583.
IMPORTANT: Please see Joomla! Tracker item 32789
In the core CMS, there is currently not a mechanism in place to allow administrators to require site users to reset their passwords. This pull request implements this mechanism.
To test this feature, you will need to apply the patch and perform a new install of the CMS (test upgrade packages are not available at the moment). Once installed, go to the User Manager and create additional test users. Note that when creating and editing users other than your own account, the "Require Password Reset" option is present. Also edit the user account you are logged in with and verify the "Require Password Reset" option is not present. Users flagged as requiring a password reset will have a note displayed in the list view indicating such.
Batch processing accounts for flagging to reset is also provided. In the User Manager: Users list view, select account(s) that you want to flag or unflag for reset, click the Batch button in the toolbar, and select the appropriate option.
With a user flagged as requiring their password be reset, log in with that user. The user should be directed to the profile edit view for the application. In the profile edit view, change any information but the password and save the changes, you should have a successful save event but continue to be on the profile edit view with the password reset message. Now change the user's password and save again, the password reset message is gone and the user is able to navigate the site.
Note that the above should be tested using the current password for the flagged user as well. Code is in place to check if the current password is being reused and will alert the user if this is the case and prevent changing the password.
A potential break in backwards compatibility is possible. In order to properly reset the password reset flag, the JUser object must be reset in the session when the logged in user saves a change to their profile. Current behavior is that the user object is not changed.
A new class variable, $requireReset
, is added to JUser
.
This PR adds language strings to convey all required information in all scenarios.
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-03-28 08:35:29 |