From ecbad650d081057e94ed1cafe8e0d1b8e09cba35 Mon Sep 17 00:00:00 2001
From: Will Rossiter
Date: Thu, 14 Mar 2024 15:09:03 +1300
Subject: [PATCH] FIX mark a successful login attempt when completing a password reset (#10100)
---
 .../ChangePasswordHandler.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/src/Security/MemberAuthenticator/ChangePasswordHandler.php b/src/Security/MemberAuthenticator/ChangePasswordHandler.php
index 5aefa310e38..6205a1dfb53 100644
--- a/src/Security/MemberAuthenticator/ChangePasswordHandler.php
+++ b/src/Security/MemberAuthenticator/ChangePasswordHandler.php
@@ -13,6 +13,7 @@
 use SilverStripe\ORM\ValidationException;
 use SilverStripe\Security\Authenticator;
 use SilverStripe\Security\IdentityStore;
+use SilverStripe\Security\LoginAttempt;
 use SilverStripe\Security\Member;
 use SilverStripe\Security\Security;
@@ -267,11 +268,26 @@ public function doChangePassword(array $data, $form)
 // Clear locked out status
 $member->LockedOutUntil = null;
 $member->FailedLoginCount = null;
+
+ // Create a successful 'LoginAttempt' as the password is reset
+ $loginAttempt = LoginAttempt::create();
+ $loginAttempt->Status = LoginAttempt::SUCCESS;
+ $loginAttempt->MemberID = $member->ID;
+
+ if ($member->Email) {
+ $loginAttempt->setEmail($member->Email);
+ }
+
+ $loginAttempt->IP = $this->getRequest()->getIP();
+ $loginAttempt->write();
+
 // Clear the members login hashes
 $member->AutoLoginHash = null;
 $member->AutoLoginExpired = DBDatetime::create()->now();
 $member->write();
+
+
 if ($member->canLogin()) {
 $identityStore = Injector::inst()->get(IdentityStore::class);
 $identityStore->logIn($member, false, $this->getRequest());
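Review bot: The `LoginAttempt::SUCCESS` record is written before `$member->write()` and before the `$member->canLogin()` check at the end of the second hunk, so a successful login is logged against the request IP even when the member save fails or `canLogin()` is false and `logIn()` never runs. Anyone reading the attempts table for detection or incident response would then see a sign-in that did not happen; moving the block to just after `$member->write()` at least keeps a failed save from leaving a success record behind. If the record exists to restart lockout counting after a reset (the neighbouring "Clear locked out status" lines suggest this, but the hunk does not show it), the comment should say so, e.g. `// Recorded as SUCCESS so failed-attempt lockout counting restarts after a reset; does not imply a session was started`. The two blank lines added before `if ($member->canLogin())` look unintentional. `doChangePassword` starts and ends outside the hunk.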