Bug #98021
closed
Disabling password reset wirh options.passwordReset for only user with email still shows password reset link
0%
Description
Reproduce¶
1. Several BE users, only one user (testuser1) with email address (necessary criteria for password reset)
2. If testuser1 is disabled, the password reset link is not displayed, if he is enabled, it is displayed, so that is working correctly.
3. BUT, if testuser1 is enabled, but has options.passwordReset = 0 set in his User TSConfig, then the link is still displayed (though no one can reset their password)
shouldn't the link NOT be displayed if none of the users has the criteria for password reset?
Also, the password reset link is sent if requested.
Documentation¶
User TSconfig: options.passwordReset
https://docs.typo3.org/m/typo3/reference-tsconfig/main/en-us/UserTsconfig/Options.html#passwordreset
Changelog¶
The password reset link will only be displayed if several criteria are confirmed:
The user has a password entered previously (used to indicate that no third-party login was used)
The user has a valid email added to their user record
The user is neither deleted nor disabled
The email address is only used once among all Backend users of the instance
Files
Updated by Sybille Peters over 2 years ago
- File be_user_options_passwordReset.png be_user_options_passwordReset.png added
- Description updated (diff)
Updated by Georg Ringer over 2 years ago
- Related to Bug #98080: Remove useless options.passwordReset added
Updated by Georg Ringer over 2 years ago
thanks for creating the issue. However the tsconfig value is only used for the backend reset to control which users can reset passwords of others. however I created issue #98080 because IMO this setting doesn't help much.
I would suggest to close this issue as there is IMO no bug. what do you think?
Updated by Georg Ringer over 2 years ago
- Status changed from New to Needs Feedback
Updated by Sybille Peters over 2 years ago
- Status changed from Needs Feedback to Closed
@Georg Ringer. Ok, closing, it looks like I misunderstood how this option should work.