Skip to content
Browse files

MDL-20933 fixed a regression, we should not force changing of passwor…

…d for admins that can not actually change the password
  • Loading branch information...
1 parent 1f5f68c commit f73ccb88fdc5b649579493a8b53388dcb6288a1b @skodak skodak committed Nov 22, 2009
Showing with 41 additions and 2 deletions.
  1. +40 −1 lib/db/upgrade.php
  2. +1 −1 version.php
View
41 lib/db/upgrade.php
@@ -3207,6 +3207,9 @@ function xmldb_main_upgrade($oldversion=0) {
if ($result && $oldversion < 2007101561.02) {
+ //NOTE: this is a wrong location for forcing of admin password change,
+ // it should have been done from each auth plugin separately
+
$messagesubject = get_string('upgrade197noticesubject', 'admin');
$message = addslashes(get_string('upgrade197notice', 'admin'));
if (empty($CFG->passwordmainsalt)) {
@@ -3215,7 +3218,7 @@ function xmldb_main_upgrade($oldversion=0) {
}
// Force administrators to change password on next login
- $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.password
+ $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.password, u.auth
FROM {$CFG->prefix}role_capabilities rc
JOIN {$CFG->prefix}role_assignments ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid)
JOIN {$CFG->prefix}user u ON u.id = ra.userid
@@ -3230,6 +3233,15 @@ function xmldb_main_upgrade($oldversion=0) {
// no need to change password if stored only outside of moodle - most probably ldap auth
continue;
}
+ if (!$auth = get_auth_plugin($adminuser->auth)) { // very ugly hack, we are not supposed to use any plugins from main upgrade!!
+ continue;
+ }
+ // let's hope no auth plugin is going to end with fatal error here
+ if (!@$auth->can_change_password()) { // very ugly hack, we are not supposed to use any plugins from main upgrade!!
+ // do not force admin to change password if there is no way to actually change it
+ continue;
+ }
+
if ($preference = get_record('user_preferences', 'userid', $adminuser->id, 'name', 'auth_forcepasswordchange')) {
if ($preference->value == '1') {
continue;
@@ -3255,6 +3267,33 @@ function xmldb_main_upgrade($oldversion=0) {
upgrade_main_savepoint($result, 2007101561.02);
}
+ if ($result && $oldversion < 2007101563.01) {
+ // this block tries to undo incorrect forcing of new passwords for admins that have no
+ // way to change passwords MDL-20933
+ $sql = "SELECT DISTINCT u.id, u.firstname, u.lastname, u.picture, u.imagealt, u.email, u.password, u.auth
+ FROM {$CFG->prefix}role_capabilities rc
+ JOIN {$CFG->prefix}role_assignments ra ON (ra.contextid = rc.contextid AND ra.roleid = rc.roleid)
+ JOIN {$CFG->prefix}user u ON u.id = ra.userid
+ WHERE rc.capability = 'moodle/site:doanything'
+ AND rc.permission = ".CAP_ALLOW."
+ AND u.deleted = 0
+ AND rc.contextid = ".SYSCONTEXTID."";
+
+ $adminusers = get_records_sql($sql);
+ foreach ($adminusers as $adminuser) {
+ if ($adminuser->password === 'not cached') {
+ // no need to change password if stored only outside of moodle - most probably ldap auth
+ continue;
+ }
+ if ($auth = get_auth_plugin($adminuser->auth) and @$auth->can_change_password()) { // very ugly hack, we are not supposed to use any plugins from main upgrade!!
+ continue;
+ }
+ delete_records('user_preferences', 'userid', $adminuser->id, 'name', 'auth_forcepasswordchange');
+ }
+
+ upgrade_main_savepoint($result, 2007101563.01);
+ }
+
return $result;
}
View
2 version.php
@@ -6,7 +6,7 @@
// This is compared against the values stored in the database to determine
// whether upgrades should be performed (see lib/db/*.php)
- $version = 2007101563; // YYYYMMDD = date of the 1.9 branch (don't change)
+ $version = 2007101563.01; // YYYYMMDD = date of the 1.9 branch (don't change)
// X = release number 1.9.[0,1,2,3,4,5...]
// Y.YY = micro-increments between releases

0 comments on commit f73ccb8

Please sign in to comment.
Something went wrong with that request. Please try again.