Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New password generation method: send user email # 15461 #16519

Merged
merged 1 commit into from
Aug 30, 2024
Merged

New password generation method: send user email # 15461 #16519

merged 1 commit into from
Aug 30, 2024

Conversation

Mark-H
Copy link
Collaborator

@Mark-H Mark-H commented Feb 10, 2024

What does it do?

This is a re-up of #15461 originally by @sdrenth back in 2021, which has gone stale waiting for some minor changes. I've rebased it, tweaked it, tested it, so we can include it in 3.1.

This adds a new option for setting the password when creating/updating a user: send the user a link to set their password. That's more secure and builds upon improvements to the password reset flow that was done in 3.0.

Why is it needed?

Showing the password on screen or manually setting a password is kinda outdated and insecure.

How to test

Create and/or edit a user, and choose "Let the user choose their own password via email" for the password method. Look for the email (make sure you have email delivery set up beforehand) and attempt to set the new password.

Related issue(s)/PR(s)

This PR replaces the stale PR #15461

Sterc#22
#13973
Sterc#31

@Mark-H Mark-H added this to the v3.1.0 milestone Feb 10, 2024
@Mark-H Mark-H requested a review from opengeek as a code owner February 10, 2024 11:09
@Mark-H Mark-H mentioned this pull request Feb 10, 2024
Closed
@codecov Codecov
Copy link

codecov bot commented Feb 10, 2024
edited
Loading

Codecov Report

Attention: 77 lines in your changes are missing coverage. Please review.

Comparison is base (73bfd27) 21.68% compared to head (f20d31e) 21.63%.

Files Patch % Lines
...src/Revolution/Processors/Security/User/Update.php 0.00% 45 Missing ⚠️
...src/Revolution/Processors/Security/User/Create.php 0.00% 30 Missing ⚠️
...Revolution/Processors/Security/User/Validation.php 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##                3.x   #16519      +/-   ##
============================================
- Coverage     21.68%   21.63%   -0.05%     
- Complexity    10496    10502       +6     
============================================
  Files           561      561              
  Lines         31703    31771      +68     
============================================
  Hits           6875     6875              
- Misses        24828    24896      +68

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

theboxer
theboxer approved these changes Mar 25, 2024
View reviewed changes
Copy link
Member

@theboxer theboxer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👏 thx for the update

@opengeek
Copy link
Member

@Mark-H — if you have a moment, could you take a look at resolving the conflicts in this so I can get it integrated?

@sdrenth @opengeek
Added option to let user generate password via email
7d6e46d 
Tweaks from feedback and phpstorm hints
@opengeek opengeek merged commit aab292e into modxcms:3.x Aug 30, 2024
5 checks passed
@MaticSulc MaticSulc mentioned this pull request Dec 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theboxer theboxer theboxer approved these changes

@opengeek opengeek Awaiting requested review from opengeek opengeek is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.1.0
Development

Successfully merging this pull request may close these issues.
4 participants
@Mark-H @opengeek @theboxer @sdrenth