Allow passwords to be edited even if `account.editable` is `false`
4a566f9e5d8d
Actions

Authored by epriestley <git@epriestley.com> on Aug 22 2014, 00:35.

Description

Allow passwords to be edited even if account.editable is false

Summary:
Fixes T5900. We have some very old code here which does not let you update your password if the account.editable flag is set.

This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense.

Instead, always allow users to change passwords if the install has a password provider configured.

Test Plan:

Set account.editable to false.
Used a password reset link.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5900

Differential Revision: https://secure.phabricator.com/D10331

Details

Committed

epriestley <git@epriestley.com>

Aug 22 2014, 00:35

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH05eb77c0a704: Mark redirects to php.net from symbols as external

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH4a566f9e5d8d: Allow passwords to be edited even if `account.editable` is `false` (authored by epriestley <git@epriestley.com>).Aug 22 2014, 00:35

Changes (2)

				Path
	M			src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php
	M			src/applications/settings/panel/PhabricatorSettingsPanelPassword.php

Allow passwords to be edited even if `account.editable` is `false`4a566f9e5d8dActions

Description

Details

Event Timeline

Changes (2)

rPH4a566f9e5d8d

src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php

src/applications/settings/panel/PhabricatorSettingsPanelPassword.php

Allow passwords to be edited even if `account.editable` is `false`
4a566f9e5d8d
Actions