[5.2] Fix password reset broken in backend (#44723)
joomdonation authored Jan 18, 2025
1 parent 65acec1 commit 20d3804
Showing 2 changed files with 57 additions and 59 deletions.
114 changes: 57 additions & 57 deletions libraries/src/Application/CMSApplication.php
Expand Up @@ -406,74 +406,74 @@ protected function checkUserRequireReset($option, $view, $layout, $tasks)
*/
protected function checkUserRequiresReset($option, $view, $layout, $urls = [])
{
if ($this->getIdentity()->requireReset) {
$redirect = false;

/*
* By default user profile edit page is used.
* That page allows you to change more than just the password and might not be the desired behavior.
* This allows a developer to override the page that manage the password reset.
* (can be configured using the file: configuration.php, or if extended, through the global configuration form)
*/
$name = $this->getName();

if ($this->get($name . '_reset_password_override', 0)) {
$option = $this->get($name . '_reset_password_option', '');
$view = $this->get($name . '_reset_password_view', '');
$layout = $this->get($name . '_reset_password_layout', '');
$urls = $this->get($name . '_reset_password_urls', $urls);
}

// If the current URL matches an entry in $urls, we do not redirect
if (\count($urls)) {
$found = false;

foreach ($urls as $url) {
$found2 = false;
// Password reset is not required for the user, no need to check it further
if (!$this->getIdentity()->requireReset) {
return;
}

foreach ($url as $key => $value) {
if ($this->input->getCmd($key) !== $value) {
$found2 = false;
break;
}
/*
* By default user profile edit page is used.
* That page allows you to change more than just the password and might not be the desired behavior.
* This allows a developer to override the page that manage the password reset.
* (can be configured using the file: configuration.php, or if extended, through the global configuration form)
*/
$name = $this->getName();

$found2 = true;
}
if ($this->get($name . '_reset_password_override', 0)) {
$option = $this->get($name . '_reset_password_option', '');
$view = $this->get($name . '_reset_password_view', '');
$layout = $this->get($name . '_reset_password_layout', '');
$urls = $this->get($name . '_reset_password_urls', $urls);
}

if ($found2) {
$found = true;
break;
}
}
/**
* The page which manage password reset always need to accessible, so if the current page
* is managing password reset page, no need to check it further
*/
if (
$this->input->getCmd('option', '') === $option
&& $this->input->getCmd('view', '') === $view
&& $this->input->getCmd('layout', '') == $layout
) {
return;
}

if (!$found) {
$redirect = true;
}
} else {
if (
$this->input->getCmd('option', '') !== $option || $this->input->getCmd('view', '') !== $view
|| $this->input->getCmd('layout', '') !== $layout
) {
// Requested a different option/view/layout
$redirect = true;
// If the current URL matches an entry in $urls, we do not redirect
foreach ($urls as $url) {
$match = true;

foreach ($url as $key => $value) {
if ($this->input->getCmd($key) !== $value) {
/**
* The current URL does not meet this entry, get out of this loop
* and check next entry
*/
$match = false;
break;
}
}

if ($redirect) {
// Redirect to the profile edit page
$this->enqueueMessage(Text::_('JGLOBAL_PASSWORD_RESET_REQUIRED'), 'notice');
// The current URL meet the entry, no redirect is needed, just return early
if ($match) {
return;
}
}

$url = Route::_('index.php?option=' . $option . '&view=' . $view . '&layout=' . $layout, false);
// Redirect to the profile edit page
$this->enqueueMessage(Text::_('JGLOBAL_PASSWORD_RESET_REQUIRED'), 'notice');

// In the administrator we need a different URL
if (strtolower($name) === 'administrator') {
$user = Factory::getApplication()->getIdentity();
$url = Route::_('index.php?option=' . $option . '&task=' . $view . '.' . $layout . '&id=' . $user->id, false);
}
$url = Route::_('index.php?option=' . $option . '&view=' . $view . '&layout=' . $layout, false);

$this->redirect($url);
}
// In the administrator we need a different URL
if ($this->isClient('administrator')) {
$user = $this->getIdentity();
$url = Route::_(
'index.php?option=' . $option . '&task=' . $view . '.' . $layout . '&id=' . $user->id,
false
);
}

$this->redirect($url);
}

/**
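Review bot: In the rewritten `$urls` loop of `checkUserRequiresReset`, `$match` starts as `true`, so an entry with no keys (an empty array) matches every request and the method returns before the redirect; the replaced loop appears to have started from `false` and set the flag only after a key had matched, so an empty entry never matched. Because `$urls` can be replaced by the `_reset_password_urls` configuration value, a single malformed entry would silently switch off the forced password reset for that client. Initialising with `$match = $url !== [];` keeps the check failing closed. The page check above it also compares `layout` with `==` while `option` and `view` use `===`; if that is deliberate (for example to tolerate a null `$layout`), a one-line comment saying so would help, otherwise use `===`.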
2 changes: 0 additions & 2 deletions libraries/src/Application/SiteApplication.php
Expand Up @@ -265,7 +265,6 @@ protected function doExecute()
['option' => 'com_users', 'view' => 'method'],
['option' => 'com_users', 'task' => 'method.add'],
['option' => 'com_users', 'task' => 'method.save'],
['option' => 'com_users', 'view' => 'profile', 'layout' => 'edit'],
]);
}

Expand Down Expand Up @@ -707,7 +706,6 @@ public function login($credentials, $options = [])
['option' => 'com_users', 'view' => 'method'],
['option' => 'com_users', 'task' => 'method.add'],
['option' => 'com_users', 'task' => 'method.save'],
['option' => 'com_users', 'view' => 'profile', 'layout' => 'edit'],
]);
}

