[FIX] Password reset/change accepting current password as new password #16331
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ashwaniYDV
changed the title
ggazzo
previously requested changes
Jan 31, 2020
|
@ggazzo I have done the requested changes. |
|
@gabriellsh Would you please review |
|
|
rodrigok
changed the title
rodrigok
previously approved these changes
May 21, 2020
gabriellsh
added a commit
that referenced
this pull request
May 29, 2020
…apps_rewrite * 'develop' of github.com:RocketChat/Rocket.Chat: (30 commits) Regression: Fix Unread bar design (#17750) Regression: Adjusting spaces between OAuth login buttons (#17745) Improved thread margins for clarity Regression: Scroll on admin user info (#17711) Regression: Removed status border on mentions list (#17741) Regression: Force unread-rooms bar to appears over the room list (#17728) [NEW][APPS-ENGINE] Essentials mechanism (#17656) Regression: Fix error preventing creation of group DMs (#17726) [FIX] SAML IDP initiated logout error (#17482) Regression: Threads list was fetching all threads (#17716) Regression: Add missing return to afterSaveMessage callbacks (#17715) [FIX] Missing dropdown to select custom status color on user's profile (#16537) [FIX] Password reset/change accepting current password as new password (#16331) [NEW][ENTERPRISE] Support Omnichannel conversations auditing (#17692) Upgrade Livechat Widget version to 1.5.0 (#17710) [FIX] Can't click on room's actions menu of sidebar list when in search mode (#16548) [NEW][ENTERPRISE] Support for custom Livechat registration form fields (#17581) Update Fuselage version (#17708) [NEW][ENTERPRISE] Omnichannel Last-Chatted Agent Preferred option (#17666) Regression: Status presence color (#17707) ...
ggazzo
added a commit
that referenced
this pull request
Jun 3, 2020
…/new-threads* 'develop' of github.com:RocketChat/Rocket.Chat: (54 commits) Submit a payload to the release service when a release happens (#17775) Regression: Fix Unread bar design (#17750) Regression: Adjusting spaces between OAuth login buttons (#17745) Improved thread margins for clarity Regression: Scroll on admin user info (#17711) Regression: Removed status border on mentions list (#17741) Regression: Force unread-rooms bar to appears over the room list (#17728) [NEW][APPS-ENGINE] Essentials mechanism (#17656) Regression: Fix error preventing creation of group DMs (#17726) [FIX] SAML IDP initiated logout error (#17482) Regression: Threads list was fetching all threads (#17716) Regression: Add missing return to afterSaveMessage callbacks (#17715) [FIX] Missing dropdown to select custom status color on user's profile (#16537) [FIX] Password reset/change accepting current password as new password (#16331) [NEW][ENTERPRISE] Support Omnichannel conversations auditing (#17692) Upgrade Livechat Widget version to 1.5.0 (#17710) [FIX] Can't click on room's actions menu of sidebar list when in search mode (#16548) [NEW][ENTERPRISE] Support for custom Livechat registration form fields (#17581) Update Fuselage version (#17708) [NEW][ENTERPRISE] Omnichannel Last-Chatted Agent Preferred option (#17666) ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #15569
Description:
As a security caution, an admin may want to force the user to change their password if their old password has been compromised. This would allow them to set the current password as the new one, potentially allowing that user account to be compromised again.
Before changes(gif):
killer.ash's initail password is 123456 and admin requests him to change password. He enters the same password 123456 and is loggen in.
After changes(gif):