Project

General

Profile

Actions

Bug #98021

closed

Disabling password reset wirh options.passwordReset for only user with email still shows password reset link

Added by Sybille Peters over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2022-07-26
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Reproduce

1. Several BE users, only one user (testuser1) with email address (necessary criteria for password reset)
2. If testuser1 is disabled, the password reset link is not displayed, if he is enabled, it is displayed, so that is working correctly.
3. BUT, if testuser1 is enabled, but has options.passwordReset = 0 set in his User TSConfig, then the link is still displayed (though no one can reset their password)

shouldn't the link NOT be displayed if none of the users has the criteria for password reset?

Also, the password reset link is sent if requested.

Documentation

User TSconfig: options.passwordReset

https://docs.typo3.org/m/typo3/reference-tsconfig/main/en-us/UserTsconfig/Options.html#passwordreset

Changelog

The password reset link will only be displayed if several criteria are confirmed:

The user has a password entered previously (used to indicate that no third-party login was used)

The user has a valid email added to their user record

The user is neither deleted nor disabled

The email address is only used once among all Backend users of the instance

https://docs.typo3.org/c/typo3/cms-core/main/en-us/Changelog/10.4/Feature-89513-PasswordResetForBackendUsers.html


Files

be_user_options_passwordReset.png (8.69 KB) be_user_options_passwordReset.png Sybille Peters, 2022-07-26 06:10

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #98080: Remove useless options.passwordResetClosed2022-08-05

Actions
Actions

Also available in: Atom PDF