Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[4.0] Viewing privacy policy from new user profile form does not work if require password reset is enabled #24719

Open
AnitaLund opened this issue Apr 24, 2019 · 9 comments

Comments

@AnitaLund
Copy link

@AnitaLund AnitaLund commented Apr 24, 2019

Steps to reproduce the issue

  1. Enable the System - Privacy Consent plugin and select a specific Privacy Article.

  2. Manually create a new user and enable Require Password Reset.

  3. Log in as this new user and you should be taken to the user profile form.

  4. Try to view the Privacy Article by clicking on the Privacy Policy link in the user profile form. The modal window will show the user profile form and not the privacy article as expected.

  5. Go back to User Management, disable Require Password Reset and save. Then try again to click on the Privacy Policy link in the user profile form and the modal window will now show the Privacy Article as expected.

Expected result

The modal window opened when the Privacy Policy link in the profile form should display the selected privacy article.

Actual result

The modal window opened displays the user profile form again and not the privacy article!

System information (as much as possible)

Joomla 3.9

Additional comments

So basically it seems that the user cannot view the Privacy Article from the profile form when he/she needs to reset the password at the same time.

I assume this is a bug and not intended behaviour?

@infograf768
Copy link
Member

@infograf768 infograf768 commented Apr 24, 2019

Bug confirmed.
Screen Shot 2019-04-24 at 16 55 21

The reinitialisation of the password is asked first in the modal which displays the whole site page.

@infograf768
Copy link
Member

@infograf768 infograf768 commented Apr 24, 2019

@mbabker
Copy link
Contributor

@mbabker mbabker commented Apr 24, 2019

TBH I don't know if there's a fix for this without shoving in a new plugin event. The password reset required redirect is done inside a helper method in the application classes that is based on a whitelisted set of components, layouts, and tasks. Putting the logic in there to determine the privacy policy article doesn't fly because that is determined with plugins and for the love of all that is sane please do not put anymore hardcoded plugin references in the libraries API unless you move that code out of plugins and into a library class.

So, fixing it constitutes a new feature (a onPasswordResetRequiredRedirect event, or something adequately named), meaning work on it in 4.0.

@ReLater
Copy link
Contributor

@ReLater ReLater commented Apr 24, 2019

Just a very nasty-hasty workaround, the basic idea and not more, that we use for two Joomla 3 sites at the moment with many new users that have to reset their password.
An override of com_users/profile/edit.php.
All I do is hiding the original label of the privacy field when requireReset is active for a user
and replacing it with a link to a static HTML page that is located on another domain.
Could be better but is sufficient for our requirements and laziness at the moment.
https://github.com/GHSVS-de/GHSVSThings/blob/master/relaterquatch/com_users-profile-edit.php#L69-L92

@AnitaLund
Copy link
Author

@AnitaLund AnitaLund commented Apr 25, 2019

Many thanks for the replies. I understand this is not an easy fix and will work around the issue until 4.0


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24719.

@ghost ghost changed the title Viewing privacy policy from new user profile form does not work if require password reset is enabled [4.0] Viewing privacy policy from new user profile form does not work if require password reset is enabled Apr 25, 2019
@ghost ghost added J4 Issue and removed J3 Issue labels Apr 25, 2019
@ghost
Copy link

@ghost ghost commented Apr 25, 2019

Changed Issue for J4.

@SharkyKZ
Copy link
Contributor

@SharkyKZ SharkyKZ commented Apr 25, 2019

Some possible workarounds for 3.x, done in the Privacy Consent plugin:

  1. Disable privacy checkbox if password reset is required. The user would have to edit the profile twice. First to reset the password and then to provide consent.

  2. Disable password reset requirement while on privacy article page. But maybe this would be a security risk,

@mbabker
Copy link
Contributor

@mbabker mbabker commented Apr 25, 2019

Disable password reset requirement while on privacy article page. But maybe this would be a security risk

That's the bit that requires the plugin event unless you're going to hardcode the core plugin that manages that privacy policy bit into the application class, which goes against the design of com_privacy (intentionally the policy article is managed at the plugin level to not force it to be in com_content and to have not duplicated com_content's article logic into com_privacy (including all of the backend management and frontend routing and display), so if someone using K2 or EasyBlog or any other content creating component wanted to put their article in their chosen content component they just need a plugin supporting the hook) and just adds yet another hardcoded plugin reference to the core libraries.

@LukasHH
Copy link

@LukasHH LukasHH commented Jan 31, 2020

I have the same problem, but i have today created a override for the label.php in the layout.
layouts\plugins\system\privacyconsent\label.php

This loads the content selected in the plugin, including modules, iframe, etc.

In addition, a language string "PLG_SYSTEM_PRIVACYCONSENT_READ" must be created here, which is displayed as a button at the bottom of the modal window. This can be "OK", "read", "understood" or similar.

Whether this fits with K2 or similar extensions, I can not determine, because I do not use this.

This is a screenshot with the protostar template. Joomla 3.9.15
04_Datenschutz_zustimmung_Plugin_override

I will give my override the to the https://j-over.de

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants