Deactivated user can login by requesting password reset #1589
Comments
Yes you are right. A possible solution would be to modify the rules function in the file app\Domains\Auth\Http\Controllers\Frontend\ResetPasswordController.php
Though this would still send the email with token to the user.
What I was trying to work out is where the user is automatically logged in after password reset, as surely that would be the point at which a check is done to see if the user is deactivated? i.e. let them change password, but still block them once that is done.
I think that is in https://github.com/laravel/ui/blob/3.x/auth-backend/ResetsPasswords.php
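The check discussed in the comments above, as an added example that is not code from this thread, the project, or pull request #1596: the `resetPassword()` method of the linked `ResetsPasswords` trait ends with an unconditional `$this->guard()->login($user)`, so overriding it in the reset controller lets the password change go through while skipping the automatic login for a deactivated account. The `isActive()` method on the user model is an assumption; the namespace is taken from the controller path quoted earlier, and only the overridden method is shown.

```php
<?php

namespace App\Domains\Auth\Http\Controllers\Frontend;

use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Support\Str;

class ResetPasswordController
{
    use ResetsPasswords;

    /**
     * Replaces ResetsPasswords::resetPassword(). The steps match the
     * trait's version except that the final login is conditional.
     */
    protected function resetPassword($user, $password)
    {
        // Store the new password hash and rotate the remember-me token
        // so existing "remember me" cookies stop working.
        $this->setUserPassword($user, $password);
        $user->setRememberToken(Str::random(60));
        $user->save();

        event(new PasswordReset($user));

        // Assumption: isActive() is a hypothetical accessor for the
        // deactivation flag on the user model. A deactivated user gets
        // the new password saved but no authenticated session.
        if ($user->isActive()) {
            $this->guard()->login($user);
        }
    }
}
```

With this override the reset response is still sent, so a deactivated user is redirected without a session and meets the same deactivation check as on a normal login attempt.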
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hello, I have submitted pull request #1596 addressing this issue. I wrote a few lines of code that intervene in the redirection after a successful password reset attempt; they check the user's active status before proceeding with the redirection and log them out in case they are found inactive. I have developed a test for the same as well.
Steps on clean laravel-boilerplate v8.3.1 install:
Pretty sure this is not meant to happen, as if this user then logs out again, once again they can't login as 'deactivated'