Skip to content
Permalink
Browse files
Fix must change password (#5638)
* Fix must change password

* Update CHANGELOG.md (#5638)

* Improve access validation

* Update CHANGELOG.md

Co-authored-by: Lucas Bartholemy <luke-@users.noreply.github.com>
  • Loading branch information
yurabakhtin and luke- committed Apr 19, 2022
1 parent abe0f3c commit eb83de20aaecc559ab77a44a6179646a99607e33
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 12 deletions.
@@ -9,6 +9,7 @@ HumHub Changelog
- Fix #5517: Don't send "Follows" notification on request friendship
- Fix #5563: Limit backup duration of RichText editor for 2 hours
- Enh #5601: Backup RichText in sessionStorage
- Fix #5638: Removed return values from `codeCallback`
- Fix #5634: Fix tests NonceCest
- Fix #5644: Fix console command space/assign-all-members

@@ -11,9 +11,7 @@
use humhub\components\access\ControllerAccess;
use Yii;
use yii\base\ActionFilter;
use yii\helpers\Url;
use yii\web\HttpException;
use yii\web\Response;

/**
* Handles the AccessControl for a Controller.
@@ -151,12 +149,13 @@ public function beforeAction($action)
method_exists($this, $this->controllerAccess->codeCallback)) {
// Call a specific function for current action filter,
// may be used to filter a logged in user for some restriction e.g. "must change password"
return call_user_func([$this, $this->controllerAccess->codeCallback]);
call_user_func([$this, $this->controllerAccess->codeCallback]);
} else if ($this->controllerAccess->code == 401) {
return $this->loginRequired();
$this->loginRequired();
} else {
$this->forbidden();
}
return false;
}

return parent::beforeAction($action);
@@ -217,31 +216,27 @@ protected function forbidden()
}

/**
* @return bool forces user login
* Force user to log in
*/
protected function loginRequired()
{
Yii::$app->user->logout();
Yii::$app->user->loginRequired();

return false;
}

/**
* @return Response Redirect user to force to change password
* Force user to redirect to change password
* @since 1.8
*/
protected function forceChangePassword()
{
if (!Yii::$app->user->isMustChangePasswordUrl()) {
return Yii::$app->getResponse()->redirect(Url::toRoute(Yii::$app->user->mustChangePasswordRoute));
Yii::$app->getResponse()->redirect([Yii::$app->user->mustChangePasswordRoute]);
}
}

/**
* Log out all non admin users when maintenance mode is active
*
* @return Response Redirect to home page
* @since 1.8
*/
protected function checkMaintenanceMode()
@@ -251,7 +246,7 @@ protected function checkMaintenanceMode()
Yii::$app->user->logout();
Yii::$app->getView()->warn(Yii::t('error', 'Maintenance mode activated: You have been automatically logged out and will no longer have access the platform until the maintenance has been completed.'));
}
return Yii::$app->getResponse()->redirect(['/user/auth/login']);
Yii::$app->getResponse()->redirect(['/user/auth/login']);
}
}
}

0 comments on commit eb83de2

Please sign in to comment.