Skip to content

Commit 0c52bd9

Browse files
committed
Bug #14829
Now it isn't anymore possible to change his password through the login form. This feature has been removed for security reasons. To change his password, the user has either to reset it in the login form (if this feature is enabled) or to change it in his profile page once signed in Silverpeas. When reseting his password with an invalid login id, the same message is given than with a valid login id. So nobody cannot know if a user with such a login id exists or not.
1 parent 1c6f5f3 commit 0c52bd9

File tree

17 files changed

+18
-126
lines changed

17 files changed

+18
-126
lines changed

core-api/src/test/resources/org/silverpeas/authentication/settings/authenticationSettings.properties

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,9 +22,6 @@
2222
# along with this program. If not, see <https://www.gnu.org/licenses/>.
2323
#
2424

25-
# Allow user to change his password from login page
26-
changePwdFromLoginPageActive = false
27-
2825
# By default login answer to personal question is not crypted
2926
loginAnswerEncrypted = false
3027

core-configuration/src/main/config/properties/org/silverpeas/authentication/multilang/forgottenPasswordMail.properties

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,9 @@ newPassword.subject=Confirmation of password reset
2727
error.subject=Password reset (error)
2828
admin.subject=Password reset (request)
2929

30-
screen.title.changeRequested = Change your password
3130
screen.title.reinitRequested = Reset your password
3231
screen.title.reinitDone = Password reset
33-
screen.invalidLogin = There is no account for this login. <br/> Please check it...
34-
screen.reinitRequested = An email has been sent to the email address associated with your account. This message explains how to get a new password. <br/> Some time may be required prior to receiving this message. Remember to verify the message has not gone into your spam folder.
32+
screen.reinitRequested=An email has been sent to the email address associated with your account if this one exists. The message will explain you how to get a new password. <br/> Some time may be required prior to receiving the message. Remember to verify the message has not gone into your spam folder. <br /> <br /> If after a while you didn't receive any email, either your login is invalid or the your password change isn't allowed (in this case, contact your administrator).
3533
screen.reinitNotAllowed = Resetting your password is not allowed. <br/> Please contact your administrator ...
3634
screen.reinitDone = An email has been sent to the email address associated with your account. This message contains your new password. <br/> Some time may be required prior to receiving this message. Remember to verify the message has not gone into your spam folder.
3735
screen.reinitError = Resetting your password failed. <br/> Please contact your administrator ...

core-configuration/src/main/config/properties/org/silverpeas/authentication/multilang/forgottenPasswordMail_fr.properties

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,9 @@ newPassword.subject=Confirmation de r\u00e9initialisation de mot de passe
2727
error.subject=R\u00e9initialisation de mot de passe (erreur)
2828
admin.subject=R\u00e9initialisation de mot de passe (demande)
2929

30-
screen.title.changeRequested = Changer votre mot de passe
3130
screen.title.reinitRequested = R\u00e9initialisation de votre mot de passe
3231
screen.title.reinitDone = Mot de passe r\u00e9initialis\u00e9
33-
screen.invalidLogin = Il n'existe aucun compte pour cet identifiant.<br/>Veuillez v\u00e9rifier votre identifiant...
34-
screen.reinitRequested = Un message \u00e9lectronique a \u00e9t\u00e9 envoy\u00e9 \u00e0 l'adresse \u00e9lectronique associ\u00e9e \u00e0 votre compte. Ce message explique comment obtenir un nouveau mot de passe.<br/><br/>Un certain temps peut \u00eatre n\u00e9cessaire avant la r\u00e9ception des messages. N'oubliez pas de v\u00e9rifier que le message n'est pas pass\u00e9 dans votre dossier de messages ind\u00e9sirables.
32+
screen.reinitRequested=Un message \u00e9lectronique a \u00e9t\u00e9 envoy\u00e9 \u00e0 l'adresse email associ\u00e9e \u00e0 de votre compte si celui-ci existe. Le message vous expliquera comment obtenir un nouveau mot de passe.<br/><br/>Un certain temps peut \u00eatre n\u00e9cessaire avant la r\u00e9ception des messages. N'oubliez pas de v\u00e9rifier que le message n'est pas pass\u00e9 dans votre dossier de messages ind\u00e9sirables. <br /> <br /> Si apr\u00e8s un certain temps vous n'avez toujours pas re\u00e7u de mail, soit votre identifiant est invalide, soit la modification de votre mot de passe n'est permise (auquel cas, contactez votre administrateur).
3533
screen.reinitNotAllowed = La r\u00e9initialisation de votre mot de passe n'est pas autoris\u00e9.<br/>Veuillez contacter votre administrateur...
3634
screen.reinitDone = Un message \u00e9lectronique a \u00e9t\u00e9 envoy\u00e9 \u00e0 l'adresse \u00e9lectronique associ\u00e9e \u00e0 votre compte. Ce message contient votre nouveau mot de passe.<br/><br/>Un certain temps peut \u00eatre n\u00e9cessaire avant la r\u00e9ception des messages. N'oubliez pas de v\u00e9rifier que le message n'est pas pass\u00e9 dans votre dossier de messages ind\u00e9sirables.
3735
screen.reinitError = La r\u00e9initialisation de votre mot de passe a \u00e9chou\u00e9.<br/>Veuillez contacter votre administrateur...

core-configuration/src/main/config/properties/org/silverpeas/authentication/settings/authenticationSettings.properties

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,6 @@
2121
# You should have received a copy of the GNU Affero General Public License
2222
# along with this program. If not, see <https://www.gnu.org/licenses/>.
2323
#
24-
# Allow user to change his password from login page
25-
changePwdFromLoginPageActive = false
2624

2725
# By default, login answer to personal question is not encrypted
2826
loginAnswerEncrypted = false

core-library/src/integration-test/resources/org/silverpeas/lookAndFeel/generalLook.properties

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,6 @@ loginQuestion.1=Quelle est le nom de jeune fille de votre m\ufffdre ?
6161
loginQuestion.2=Quelle est votre ville de naissance ?
6262
loginQuestion.3=Quelle est le nom de votre animal pr\ufffdf\ufffdr\ufffd ?
6363

64-
forgottenPasswordInvalidLogin = /defaultReInitPassword.jsp?Action=InvalidLogin
6564
forgottenPasswordChangeAllowed = /defaultReInitPassword.jsp?Action=FirstMailSended
6665
forgottenPasswordChangeNotAllowed = /defaultReInitPassword.jsp?Action=ChangeNotAllowed
6766
forgottenPasswordReset = /defaultReInitPassword.jsp?Action=NewPasswordSended

core-library/src/test/resources/org/silverpeas/authentication/settings/authenticationSettings.properties

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,9 +22,6 @@
2222
# along with this program. If not, see <https://www.gnu.org/licenses/>.
2323
#
2424

25-
# Allow user to change his password from login page
26-
changePwdFromLoginPageActive = false
27-
2825
# By default login answer to personal question is not crypted
2926
loginAnswerEncrypted = false
3027

core-library/src/test/resources/org/silverpeas/lookAndFeel/generalLook.properties

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,6 @@ loginQuestion.1=Quelle est le nom de jeune fille de votre m\ufffdre ?
6161
loginQuestion.2=Quelle est votre ville de naissance ?
6262
loginQuestion.3=Quelle est le nom de votre animal pr\ufffdf\ufffdr\ufffd ?
6363

64-
forgottenPasswordInvalidLogin = /defaultReInitPassword.jsp?Action=InvalidLogin
6564
forgottenPasswordChangeAllowed = /defaultReInitPassword.jsp?Action=FirstMailSended
6665
forgottenPasswordChangeNotAllowed = /defaultReInitPassword.jsp?Action=ChangeNotAllowed
6766
forgottenPasswordReset = /defaultReInitPassword.jsp?Action=NewPasswordSended

core-services/chat/src/integration-test/resources/org/silverpeas/lookAndFeel/generalLook.properties

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,6 @@ loginQuestion.1=Quelle est le nom de jeune fille de votre m\u00e8re ?
7171
loginQuestion.2=Quelle est votre ville de naissance ?
7272
loginQuestion.3=Quelle est le nom de votre animal pr\u00e9f\u00e9r\u00e9 ?
7373

74-
forgottenPasswordInvalidLogin = /defaultReInitPassword.jsp?Action=InvalidLogin
7574
forgottenPasswordChangeAllowed = /defaultReInitPassword.jsp?Action=FirstMailSended
7675
forgottenPasswordChangeNotAllowed = /defaultReInitPassword.jsp?Action=ChangeNotAllowed
7776
forgottenPasswordReset = /defaultReInitPassword.jsp?Action=NewPasswordSended

core-services/chat/src/test/resources/org/silverpeas/lookAndFeel/generalLook.properties

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,6 @@ loginQuestion.1=Quelle est le nom de jeune fille de votre m\u00e8re ?
7171
loginQuestion.2=Quelle est votre ville de naissance ?
7272
loginQuestion.3=Quelle est le nom de votre animal pr\u00e9f\u00e9r\u00e9 ?
7373

74-
forgottenPasswordInvalidLogin = /defaultReInitPassword.jsp?Action=InvalidLogin
7574
forgottenPasswordChangeAllowed = /defaultReInitPassword.jsp?Action=FirstMailSended
7675
forgottenPasswordChangeNotAllowed = /defaultReInitPassword.jsp?Action=ChangeNotAllowed
7776
forgottenPasswordReset = /defaultReInitPassword.jsp?Action=NewPasswordSended

core-services/workflow/src/integration-test/resources/org/silverpeas/lookAndFeel/generalLook.properties

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,6 @@ loginQuestion.1=Quelle est le nom de jeune fille de votre m\ufffdre ?
6161
loginQuestion.2=Quelle est votre ville de naissance ?
6262
loginQuestion.3=Quelle est le nom de votre animal pr\ufffdf\ufffdr\ufffd ?
6363

64-
forgottenPasswordInvalidLogin = /defaultReInitPassword.jsp?Action=InvalidLogin
6564
forgottenPasswordChangeAllowed = /defaultReInitPassword.jsp?Action=FirstMailSended
6665
forgottenPasswordChangeNotAllowed = /defaultReInitPassword.jsp?Action=ChangeNotAllowed
6766
forgottenPasswordReset = /defaultReInitPassword.jsp?Action=NewPasswordSended

0 commit comments

Comments
 (0)