-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[User Accounts] Fix password bugs: "confirm password" must match; password cannot be email #5426
[User Accounts] Fix password bugs: "confirm password" must match; password cannot be email #5426
Conversation
@@ -1081,19 +1088,25 @@ class Edit_User extends \NDB_Form | |||
= 'Please specify password or click Generate new password'; | |||
} | |||
} | |||
// Ensure that the password and confirm password fields match. | |||
// TODO This validation should be done on the front-end instead. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// TODO This validation should be done on the front-end instead. | |
// TODO This validation should also be done on the front-end. |
Never rely to front-end check!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's really an issue in this case. It's just a double-check so that someone doesn't make a typo while entering their password. Makes more sense to do that on the front-end and prevent the request from going through if they made a mistake.
$plaintext = $values['Password_hash']; | ||
|
||
// Ensure that the password and confirm password fields match. | ||
// TODO This validation should be done on the front-end instead. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// TODO This validation should be done on the front-end instead. | |
// TODO This validation should also be done on the front-end. |
This should go to the release branch.. we want it fixed for 22.0, not 23.0, don't we? |
I've rebased it to |
…n error when they did not match
Also fixes #5439 |
I tested this locally and it worked but it wasn't manually tested. Hopefully any potential errors will come up during the next testing round |
Brief summary of changes
Password and Confirm Password on the front-end don't need to match on major. This check was removed by mistake during Password refactoring.
Testing instructions (if applicable)
Links to related tickets (GitHub, Redmine, ...)