recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Allow passwords to be edited even if `account.editable` is `false`

Summary:
Fixes T5900. We have some very old code here which does not let you update your password if the `account.editable` flag is set.

This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense.

Instead, always allow users to change passwords if the install has a password provider configured.

Test Plan:
- Set `account.editable` to false.
- Used a password reset link.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5900

Differential Revision: https://secure.phabricator.com/D10331

epriestley 4a566f9e 05eb77c0

+3 -10
+1 -1
src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
··· 120 120 $next = '/'; 121 121 if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { 122 122 $next = '/settings/panel/external/'; 123 - } else if (PhabricatorEnv::getEnvConfig('account.editable')) { 123 + } else { 124 124 125 125 // We're going to let the user reset their password without knowing 126 126 // the old one. Generate a one-time token for that.
+2 -9
src/applications/settings/panel/PhabricatorSettingsPanelPassword.php
··· 16 16 } 17 17 18 18 public function isEnabled() { 19 - // There's no sense in showing a change password panel if the user 20 - // can't change their password... 21 - 22 - if (!PhabricatorEnv::getEnvConfig('account.editable')) { 23 - return false; 24 - } 25 - 26 - // ...or this install doesn't support password authentication at all. 27 - 19 + // There's no sense in showing a change password panel if this install 20 + // doesn't support password authentication. 28 21 if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) { 29 22 return false; 30 23 }