Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#108] Add reset password hooks #109

Merged
merged 2 commits into from
Jan 16, 2024
Merged

[#108] Add reset password hooks #109

merged 2 commits into from
Jan 16, 2024

Conversation

matthewhilton
Copy link
Contributor

@matthewhilton matthewhilton commented Sep 1, 2023
edited
Loading

Closes #108

Since core does not send password reset emails to suspended accounts, I configured a hook in auth_enrolkey to send them itself if:

  1. unsuspendaccounts is enabled [1]
  2. User is using enrolkey
  3. User is suspended

This works, but the user gets logged in after resetting their password despite still being suspended.

So I also added a post set password request hook where if:

  1. The user is using enrolkey
  2. The user is suspended

They are logged out immediately

This ends up with the desired flow:

  1. User is using enrolkey, but is suspended
  2. They request a password reset
  3. Password reset email is delivered (via new hook)
  4. User resets password and continues
  5. User is logged out (via new hook)
  6. User logs in using username + newly reset password
  7. User is redirected to unsuspend.php (existing) since they are suspended
  8. User is prompted to enter username + password + enrolkey to unsuspend account

[1]

On the login, if a user is suspended, and is using the enrolkey authentication type, redirect them to an intermediate page which asks for their username, password and enrolkey to un-suspend them

TODO

  • Unit tests ?
  • CI fixed

@matthewhilton matthewhilton marked this pull request as draft September 1, 2023 03:54
@matthewhilton matthewhilton force-pushed the 108-reset-password-hooks branch 4 times, most recently from 8f3b648 to 00b127c Compare January 11, 2024 03:01
@matthewhilton matthewhilton force-pushed the 108-reset-password-hooks branch from 00b127c to 906779d Compare January 11, 2024 03:22
@matthewhilton matthewhilton marked this pull request as ready for review January 11, 2024 03:30
@matthewhilton matthewhilton force-pushed the 108-reset-password-hooks branch from b98a641 to 0426a19 Compare January 11, 2024 21:42
@Peterburnett Peterburnett merged commit 096608e into master Jan 16, 2024
20 checks passed
@Peterburnett Peterburnett deleted the 108-reset-password-hooks branch January 16, 2024 01:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Suspended users cannot reset their password, and so cannot use the self-unsuspend feature
2 participants
@matthewhilton @Peterburnett