[Bps-public-commit] rt-extension-resetpassword branch, master, updated. 1.09-4-gf830313

sunnavy sunnavy at bestpractical.com
Tue Mar 2 06:46:53 EST 2021


The branch, master has been updated
       via  f8303135e445ac3807be2b2c3ca09f5cb10cd878 (commit)
       via  abee4685935b617f13da32ff1d98762ed09ce942 (commit)
       via  dbf9b15dbb9cd7606fbde542a66e9e4783c0ed2d (commit)
       via  4aff3216ca3b23d0c46828e8daa978ee77e21905 (commit)
      from  ce01719e5bfed86c84a355de15a9f8528bf88e14 (commit)

Summary of changes:
 Changes                                            |  4 +++
 META.yml                                           |  2 +-
 README                                             |  9 +++++
 .../Admin/Users/Modify.html/BeforeUpdate           | 14 ++++++++
 html/Elements/EditPassword                         | 40 ++++++++++++++++++++++
 lib/RT/Extension/ResetPassword.pm                  | 40 +++++++++++++++++++++-
 6 files changed, 107 insertions(+), 2 deletions(-)

- Log -----------------------------------------------------------------
commit 4aff3216ca3b23d0c46828e8daa978ee77e21905
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Mon Mar 1 15:49:26 2021 -0500

    Provide a way to delete a user's password
    
    RT's default password controls always require a new value
    once a password has been set, so there is no way to clear
    a password once set.
    
    Provide a way to do this since ResetPassword has an option to
    allow or deny password resets based on a password already
    being set.

diff --git a/README b/README
index 8418396..dd44569 100644
--- a/README
+++ b/README
@@ -99,6 +99,14 @@ CONFIGURATION
         not have a password value to send themselves a reset password email
         and set a password.
 
+        Setting this to false (0) requires a user to already have a password
+        to use the reset feature. This is useful for managing access and not
+        automatically allowing new accounts to get a password.
+
+        This extension adds a "Delete password" option to the user admin
+        page to allow you to clear passwords if a user should no longer have
+        access.
+
     $CreateNewUserAsPrivileged
         Set this config value to true if users creating a new account should
         default to privileged users.
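
Review bot: the added sentence about clearing passwords "if a user should no longer have access" only holds when this option is false. The context lines just above say that with the option set to true, a user without a password value can send themselves a reset password email and set a password. Suggest stating that "Delete password" removes access only together with setting the option to false (0), so admins do not rely on the checkbox alone.
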
diff --git a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
index b1ff0b2..193dda9 100644
--- a/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
+++ b/html/Callbacks/RT-Extension-ResetPassword/Admin/Users/Modify.html/BeforeUpdate
@@ -18,6 +18,20 @@ if ( ( $ARGS{'SendPasswordResetEmail'} || $session{'SendPasswordResetEmail'} ) &
     }
 }
 delete $session{'SendPasswordResetEmail'};
+
+# Handle DeleteUserPassword
+if ( $ARGS{'DeleteUserPassword'} ) {
+    my ($ret, $msg) = $User->UnsetPassword();
+    if ( $ret ) {
+        push @{$Results}, $msg;
+    }
+    else {
+        push @{$Results}, 'Unable to delete password';
+        RT::Logger->error( "$msg" );
+    }
+}
+
+
 </%INIT>
 <%ARGS>
 $Results
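
Review bot: in the new DeleteUserPassword block neither branch records which account was affected. The error branch logs only "$msg", and a successful delete is not logged at all. Since this changes whether an account can authenticate with a password, suggest logging the target user's id and the acting user on both paths. It is also worth checking what happens when the box is ticked and a new password is submitted in the same request, since this callback runs before the update. Minor: the quotes in RT::Logger->error( "$msg" ) are redundant, and the hunk leaves two blank lines before </%INIT>.
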
diff --git a/html/Elements/EditPassword b/html/Elements/EditPassword
index aa408f0..750bbd8 100644
--- a/html/Elements/EditPassword
+++ b/html/Elements/EditPassword
@@ -54,6 +54,16 @@
       </div>
     </div>
   </div>
+% if ( $User->HasPassword ) {
+  <div class="form-row">
+    <div class="col-12">
+      <div class="custom-control custom-checkbox">
+        <input value="1" class="custom-control-input checkbox" id="DeleteUserPassword" name="DeleteUserPassword" type="checkbox" />
+        <label class="custom-control-label" for="DeleteUserPassword"><&|/l&>Delete password (User will have no password set)</&></label>
+      </div>
+    </div>
+  </div>
+% }
 
 % unless ( $cond{'CanSet'} ) {
 <% $cond{'Reason'} %><br />
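
Review bot: the checkbox under "% if ( $User->HasPassword ) {" is offered on password status alone, while UnsetPassword (added to lib/RT/Extension/ResetPassword.pm in this commit) returns 'Password: Permission Denied' unless CurrentUserCanModify('Password') is true, and the only handler is the Admin/Users/Modify.html BeforeUpdate callback. Suggest gating the checkbox on the same permission check, so it is not shown where the submit would fail or, if this element is rendered on another page, be ignored.
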
@@ -92,6 +102,10 @@
 % else {
 <input value="1" <% $session{'SendPasswordResetEmail'} ? 'checked' : '' %> id="SendPasswordResetEmail" name="SendPasswordResetEmail" type="checkbox"></input>
 <label for="SendPasswordResetEmail"><&|/l&>Send new password email</&></label><br />
+% if ( $User->HasPassword ) {
+<input value="1" class="checkbox" id="DeleteUserPassword" name="DeleteUserPassword" type="checkbox" />
+<label for="DeleteUserPassword"><&|/l&>Delete password (User will have no password set)</&></label>
+% }
 
 % unless ( $cond{'CanSet'} ) {
 <% $cond{'Reason'} %><br />
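
Review bot: the added "Delete password" label in this branch has no trailing <br />, unlike the "Send new password email" label directly above it, so the $cond{'Reason'} text that follows will run on from the label. Suggest ending the label line with <br /> to match.
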
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 01f712a..1ad7522 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -55,6 +55,35 @@ sub CreateTokenAndResetPassword {
     return ($status, $msg);
 }
 
+
+# Add to RT::User for possible addition to core RT in the future.
+
+package RT::User;
+
+# Set the password for this user back to no value. This is useful for
+# features like ResetPassword that might use the existence of a password
+# to determine if a user should be allowed to reset. Also possibly useful
+# for clearing old passwords after switching to different authentication
+# for RT.
+
+sub UnsetPassword {
+    my $self     = shift;
+
+    unless ( $self->CurrentUserCanModify('Password') ) {
+        return ( 0, $self->loc('Password: Permission Denied') );
+    }
+
+    my ( $val, $msg ) = $self->_Set(Field => 'Password', Value => '');
+    if ($val) {
+        return ( 1, $self->loc("Password unset") );
+    }
+    else {
+        return ( $val, $msg );
+    }
+}
+
+package RT::Extension::ResetPassword;
+
 =head1 NAME
 
 RT::Extension::ResetPassword - add "forgot your password?" link to RT instance
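
Review bot: "package RT::User;" followed by "sub UnsetPassword" defines the method directly in core RT's namespace, and the comment above it anticipates core adding the same method later, at which point this file would redefine the core version. Suggest defining it only when RT::User does not already provide it (an RT::User->can('UnsetPassword') check), and documenting the method in POD rather than in # comments, since it becomes callable on every user object.
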
@@ -173,6 +202,14 @@ Setting this config option to true will allow existing users who do
 not have a password value to send themselves a reset password email
 and set a password.
 
+Setting this to false (0) requires a user to already have a password
+to use the reset feature. This is useful for managing access and
+not automatically allowing new accounts to get a password.
+
+This extension adds a "Delete password" option to the user admin
+page to allow you to clear passwords if a user should no longer have
+access.
+
 =item C<$CreateNewUserAsPrivileged>
 
 Set this config value to true if users creating a new account should

commit dbf9b15dbb9cd7606fbde542a66e9e4783c0ed2d
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Mon Mar 1 16:32:09 2021 -0500

    Display password status on the user admin page
    
    Without this display, there is no way for an RT admin
    to tell whether a user currently has a password set
    and might therefore be able to use the password reset
    feature to get access to RT.

diff --git a/README b/README
index dd44569..a8a2d7c 100644
--- a/README
+++ b/README
@@ -103,9 +103,10 @@ CONFIGURATION
         to use the reset feature. This is useful for managing access and not
         automatically allowing new accounts to get a password.
 
-        This extension adds a "Delete password" option to the user admin
-        page to allow you to clear passwords if a user should no longer have
-        access.
+        This extension adds a "Password Status" at the bottom of the Access
+        control section on the user admin page which shows whether the user
+        currently has a password set. The "Delete password" option allows
+        you to clear passwords if a user should no longer have access.
 
     $CreateNewUserAsPrivileged
         Set this config value to true if users creating a new account should
diff --git a/html/Elements/EditPassword b/html/Elements/EditPassword
index 750bbd8..2fe682e 100644
--- a/html/Elements/EditPassword
+++ b/html/Elements/EditPassword
@@ -97,6 +97,17 @@
       <input type="password" class="form-control" name="<% $Name[2] %>" size="16" autocomplete="off" />
     </div>
   </div>
+
+% if ( $User->Id ) {
+  <div class="form-row">
+    <div class="label col-3">
+      <&|/l&>Password Status</&>:
+    </div>
+    <div class="value col-9">
+      <span class="current-value form-control"><% $password_status %></span>
+    </div>
+  </div>
+% }
 % }
 % }
 % else {
@@ -129,6 +140,13 @@
 <td class="value"><input type="password" name="<% $Name[2] %>" size="16" autocomplete="off" /></td>
 </tr>
 
+% if ( $User->Id ) {
+<tr>
+<td class="label"><&|/l&>Password Status</&>:</td>
+<td class="value"><% $password_status %></td>
+</tr>
+% }
+
 </table>
 % }
 % }
@@ -140,4 +158,12 @@ $User
 
 my %cond = $User->CurrentUserRequireToSetPassword;
 
+# Does this user currently have a password?
+my $password_status;
+if ( $User->HasPassword ) {
+    $password_status = loc('Password is set');
+}
+else {
+    $password_status = loc('No password set');
+}
 </%INIT>
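
Review bot: $password_status is computed by calling $User->HasPassword unconditionally in %INIT, but both template hunks above only display it inside "% if ( $User->Id ) {", so for a user object without an Id the call is made for a value that is never shown. Suggest moving the computation under the same $User->Id condition, or rendering the two loc() strings directly where the status is displayed.
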
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 1ad7522..3c45359 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -206,9 +206,10 @@ Setting this to false (0) requires a user to already have a password
 to use the reset feature. This is useful for managing access and
 not automatically allowing new accounts to get a password.
 
-This extension adds a "Delete password" option to the user admin
-page to allow you to clear passwords if a user should no longer have
-access.
+This extension adds a "Password Status" at the bottom of the Access control
+section on the user admin page which shows whether the user currently
+has a password set. The "Delete password" option allows you to clear
+passwords if a user should no longer have access.
 
 =item C<$CreateNewUserAsPrivileged>
 

commit abee4685935b617f13da32ff1d98762ed09ce942
Merge: ce01719 dbf9b15
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Mar 2 18:58:56 2021 +0800

    Merge branch 'show-password-status'


commit f8303135e445ac3807be2b2c3ca09f5cb10cd878
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Mar 2 19:00:25 2021 +0800

    Prep 1.10 release

diff --git a/Changes b/Changes
index a0f47c4..c20acb4 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,9 @@
 Revision history for Perl module RT::Extension::ResetPassword
 
+1.10 2021-03-02
+ - Provide a way to delete a user's password
+ - Display password status on the user admin page
+
 1.09 2021-02-22
  - Provide a config option($ResetPasswordFromAddress) to set email From address
 
diff --git a/META.yml b/META.yml
index e5b89ce..e31fceb 100644
--- a/META.yml
+++ b/META.yml
@@ -24,6 +24,6 @@ requires:
   perl: 5.8.3
 resources:
   license: http://opensource.org/licenses/gpl-license.php
-version: '1.09'
+version: '1.10'
 x_module_install_rtx_version: '0.42'
 x_requires_rt: 4.0.0
diff --git a/lib/RT/Extension/ResetPassword.pm b/lib/RT/Extension/ResetPassword.pm
index 3c45359..c10ccc7 100644
--- a/lib/RT/Extension/ResetPassword.pm
+++ b/lib/RT/Extension/ResetPassword.pm
@@ -5,7 +5,7 @@ use warnings;
 
 use Digest::SHA qw(sha256_hex);
 
-our $VERSION = '1.09';
+our $VERSION = '1.10';
 
 RT->AddStyleSheets("resetpassword.css");
 

-----------------------------------------------------------------------