Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

FIX Log out current member when forgotten password #2907

Merged
merged 1 commit into from Mar 15, 2014

Conversation

Projects
None yet
2 participants
Owner

dhensby commented Feb 28, 2014

At the moment, if a user is logged in on a device (say, their phone) but has forgotten their password.

If they attempt to reset their password on their desktop, then open the email on their phone they then see the reset password form with the CurrentPassword field. I'm not entirely sure what happens if a DIFFERENT user is currently logged in, but I think they remain logged in and you're effectively trying to change their password.

Both scenarios are not ideal and (in fact) this happens a lot in the real world as it's a legitimate complaint we're receiving from a visitors of one of our client's websites.

FIX Log out current member when forgotten password
At the moment, if a user is logged in on a device (say, their phone) but has forgotten their password.

If they attempt to reset their password on their desktop, then open the email on their phone they then see the reset password form *with* the CurrentPassword field. I'm not entirely sure what happens if a DIFFERENT user is currently logged in, but I think they remain logged in and you're effectively trying to change their password.

Both scenarios are not ideal and (in fact) this happens a lot in the real world as it's a legitimate complaint we're receiving from a visitors of one of our client's websites.

@dhensby dhensby referenced this pull request in BetterBrief/silverstripe-opauth Mar 4, 2014

Merged

Allow disabling of "forgot password" feature #9

simonwelsh added a commit that referenced this pull request Mar 15, 2014

Merge pull request #2907 from dhensby/patch-1
FIX Log out current member when forgotten password

@simonwelsh simonwelsh merged commit 3e57cc0 into silverstripe:master Mar 15, 2014

1 check passed

default Scrutinizer: 4548 added/modified code elements — Travis: Passed
Details

@dhensby dhensby deleted the dhensby:patch-1 branch May 6, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment