Add security token when forcing password reset (#1639)
This commit is contained in:
parent
c400495635
commit
5f800003fd
|
@ -133,12 +133,16 @@ sub authenticate {
|
|||
}
|
||||
|
||||
# Remember password if password reset needed
|
||||
$req->data->{oldpassword} = $req->data->{password}
|
||||
if (
|
||||
if (
|
||||
$res == PE_PP_CHANGE_AFTER_RESET
|
||||
or ( $res == PE_PP_PASSWORD_EXPIRED
|
||||
and $self->conf->{ldapAllowResetExpiredPassword} )
|
||||
);
|
||||
)
|
||||
{
|
||||
$req->data->{oldpassword} = $self->{password};
|
||||
$req->data->{noerror} = 1;
|
||||
$self->setSecurity($req);
|
||||
}
|
||||
|
||||
return $res;
|
||||
}
|
||||
|
|
|
@ -46,6 +46,7 @@ sub authenticate {
|
|||
{
|
||||
$req->data->{oldpassword} = $self->{password};
|
||||
$req->data->{noerror} = 1;
|
||||
$self->setSecurity($req);
|
||||
}
|
||||
|
||||
return $res;
|
||||
|
|
|
@ -11,6 +11,10 @@
|
|||
</TMPL_IF>
|
||||
<input type="hidden" name="skin" value="<TMPL_VAR NAME="SKIN">" />
|
||||
|
||||
<TMPL_IF NAME="TOKEN">
|
||||
<input type="hidden" name="token" value="<TMPL_VAR NAME="TOKEN">" />
|
||||
</TMPL_IF>
|
||||
|
||||
<TMPL_IF NAME="LOGIN">
|
||||
<div class="input-group mb-3">
|
||||
<input name="user" type="hidden" value="<TMPL_VAR NAME=LOGIN>" />
|
||||
|
|
Loading…
Reference in New Issue
Block a user