Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#3393] - [#33539] Do not log in the user using cookie if a password reset is required

Success

User tests: Successful: Unsuccessful:

avatar Bakual
Bakual
30 Mar 2014

Issue

The recently merged PR #3128 introduces the ability to require a password reset which forces the user to the profile page after he logged in. This works fine.
However if the user is logged in using the remember me cookie, it results in an interesting situation where the user has to edit the profile page, but isn't allowed because he is logged in using a cookie :smile:
There is no way out as the user is stuck on the profile page which he is unable to leave and isn't allowed to save.

Proposed Fix

This PR adds a check in the cookie authentication plugin which only logs the user in if requireReset isn't set.

Tracker

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=33539

avatar Bakual Bakual - open - 30 Mar 2014
avatar dbhurley
dbhurley - comment - 1 Apr 2014

Good catch. Makes good sense.

avatar dbhurley dbhurley - change - 1 Apr 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-04-01 01:16:52
avatar dbhurley dbhurley - change - 1 Apr 2014
Title
Do not log in the user using cookie if a password reset is required
[#33539] Do not log in the user using cookie if a password reset is required
avatar dbhurley dbhurley - close - 1 Apr 2014
avatar dbhurley dbhurley - reference | - 1 Apr 14
avatar dbhurley dbhurley - merge - 1 Apr 2014
avatar dbhurley dbhurley - close - 1 Apr 2014
avatar Bakual Bakual - change - 1 Apr 2014
Title
Do not log in the user using cookie if a password reset is required
[#33539] Do not log in the user using cookie if a password reset is required
avatar Bakual Bakual - reference | 01c7b95 - 12 May 14
avatar Bakual Bakual - head_ref_deleted - 12 May 2014

Add a Comment

Login with GitHub to post a comment