-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add "this wasn't me" functionality to password reset process #22705
base: 5.x-dev
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a couple of suggestions for possible improvements. Functional testing worked fine, though.
* | ||
* @param string $cancelResetPasswordContent The content to render. | ||
*/ | ||
Piwik::postEvent('Template.loginCancelResetPasswordContent', [&$cancelResetPasswordContent]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The event could also be posted directly in the template within a {{ set }}
or similar. Might be a bit less complex, as you can directly see in the template where the data is coming from. On the other side is the comment here above useful and we couldn't add it similarly in the template. So guess I would keep it that way.
Co-authored-by: Stefan Giehl <stefan@matomo.org>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One minor thing left. Everything else now looks good to me.
Co-authored-by: Stefan Giehl <stefan@matomo.org>
Description:
Extends the password reset process with a "this wasn't me" functionality.
A new link was added to the (reworded) password reset email, allowing a user to invalidate the reset token without changing the user's password.
To support replacing the "reset password process cancelled" view, the event
Template.loginCancelResetPasswordContent
can be listened to. Writing any content to this event's variable will display that instead of the default content.To prepare future auditing capabilities, the reset process has received the events for the three potential steps:
Login.resetPassword.initiated
Login.resetPassword.cancelled
Login.resetPassword.confirmed
fixes #14543
Refs DEV-14582
Review