GitLab wurde erfolgreich aktualisiert. Durch regelmäßige Updates bleibt das THM GitLab sicher. Danke für Ihre Geduld.

Commit 637da6cc authored by Daniel Gerhardt's avatar Daniel Gerhardt

Forbid password changing for CAS users

parent a092e52e
......@@ -5,6 +5,7 @@ class PasswordsController < Devise::PasswordsController
before_action :resource_from_email, only: [:create]
before_action :check_password_authentication_available, only: [:create]
before_action :prevent_cas_reset, only: [:create]
before_action :throttle_reset, only: [:create]
# rubocop: disable CodeReuse/ActiveRecord
......@@ -55,6 +56,13 @@ def check_password_authentication_available
alert: "Password authentication is unavailable."
end
def prevent_cas_reset
return unless resource && resource.cas_user?
redirect_to after_sending_reset_password_instructions_path_for(resource_name),
alert: "Cannot reset password for CAS user."
end
def throttle_reset
return unless resource && resource.recently_sent_password_reset?
......
......@@ -72,7 +72,7 @@
= link_to profile_emails_path do
%strong.fly-out-top-item-name
= _('Emails')
- if current_user.allow_password_authentication?
- if current_user.allow_password_authentication? && !current_user.cas_user?
= nav_link(controller: :passwords) do
= link_to edit_profile_password_path do
.nav-icon-container
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment