-
Notifications
You must be signed in to change notification settings - Fork 820
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove $CleartextPassword from ChangePasswordEmail.ss #5194
Conversation
Hmm, is this really ok to go into 3.x? I think it has to be master :( |
I think it could be considered a security patch and go in a point release if we wanted because it's pretty bad form to email plain text passwords. I hate when websites email me a copy of a password I'm otherwise careful not to record outside of an encryption app. Also I wouldn't interpret this as a SemVer violation personally if it went to 3 branch - the API (barely) promises that users will be notified if their password is changed but doesn't specify how we do that. Plus how long has this functionality been broken? If it never worked there's no harm in removing it. Some other ideas for this template: Don't these messages usually include something like "If this wasn't you FREAK OUT" and maybe an IP address as well? Might be nice to add. Should this template be checking If we're only going to show the email address I don't see much point in emailing 'james@brown.com' and dedicating a paragraph to telling them that their email address is 'james@brown.com'. They would have just entered this in the password reset form and are using that email address to read the email after all. If we do display something other than email address if appropriate as the username then I do see value in including it. |
The only issue i see is of someone relies on this template and had patched the code to work. Then we'll break their site. I agree it should not be emailed. Happy to merge given concensus from other core members |
Even if it's a security improvement, it probably still needs to be a major release if it violates semver. The correct plaintext template is |
Well, it's broken atm. So we either fix it to make it less secure or we remove it as a patch. I vote patch |
Perhaps for 3.x we do <% if $CleartextPassword %> in the template to prevent breakage for those that have patched the code (although I would imagine most would opt for patching the template) but fixes the missing content issue for everyone else and then for 4 remove it from the template completely as all seem to agree about the security concerns |
Great idea |
0a7193f
to
bb90d82
Compare
The $CleartextPassword value is never populated as reported silverstripe#3257 and in agreeance with the two comments (cc @kinglozzer) I also don't think plaintext passwords should be included in emails by default. As Loz suggests if somebody wants this it can easily be added by overriding the template.
bb90d82
to
96c586b
Compare
PR updated for 3.x + updated commit message would you like me to raise this against 4 with this removed? |
@tractorcow thoughts? |
I agree; Fix in 3.x, remove in master. |
4.x version here #5221 |
Personally I'd prefer template syntax on it's own lines, there's no need to keep it on the unrelated line, I'll fix while merging... |
thanks @christopherdarling |
ChangePasswordEmail.ss 4.x version of silverstripe#5194
ChangePasswordEmail.ss 4.x version of silverstripe#5194
ChangePasswordEmail.ss 4.x version of silverstripe#5194
ChangePasswordEmail.ss 4.x version of silverstripe#5194
The $CleartextPassword value is never populated as reported #3257 and in agreeance with the two comments (cc @kinglozzer) I also don't think plaintext passwords should be included in emails by default. As Loz suggests if somebody wants this it can easily be added by overriding the template.