Homec4science

Allow passwords to be edited even if `account.editable` is `false`

Authored by epriestley <git@epriestley.com> on Aug 22 2014, 00:35.

Description

Allow passwords to be edited even if account.editable is false

Summary:
Fixes T5900. We have some very old code here which does not let you update your password if the account.editable flag is set.

This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense.

Instead, always allow users to change passwords if the install has a password provider configured.

Test Plan:

  • Set account.editable to false.
  • Used a password reset link.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5900

Differential Revision: https://secure.phabricator.com/D10331

Details

Committed
epriestley <git@epriestley.com>Aug 22 2014, 00:35
Pushed
aubortJan 31 2017, 17:16
Parents
rPH05eb77c0a704: Mark redirects to php.net from symbols as external
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH4a566f9e5d8d: Allow passwords to be edited even if `account.editable` is `false` (authored by epriestley <git@epriestley.com>).Aug 22 2014, 00:35