Commit 586de262 authored by jplang's avatar jplang

Password reset should count as a password change for User#must_change_passwd (#25253).

Patch by Felix Schäfer.

git-svn-id: https://svn.redmine.org/redmine/trunk@16374 e93f8b46-1217-0410-a6f0-8f06a7374b81
parent 04d1585c
......@@ -80,13 +80,18 @@ class AccountController < ApplicationController
return
end
if request.post?
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
if @user.save
@token.destroy
Mailer.password_updated(@user)
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_path
return
if @user.must_change_passwd? && @user.check_password?(params[:new_password])
flash.now[:error] = l(:notice_new_password_must_be_different)
else
@user.password, @user.password_confirmation = params[:new_password], params[:new_password_confirmation]
@user.must_change_passwd = false
if @user.save
@token.destroy
Mailer.password_updated(@user)
flash[:notice] = l(:notice_account_password_updated)
redirect_to signin_path
return
end
end
end
render :template => "account/password_recovery"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment