Moodle / MDL-66984

Allow change_password_url to use $USER global


    • MOODLE_36_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
    • MOODLE_36_STABLE, MOODLE_37_STABLE
    • MDL-66984-change_password_url-with-user

      Requirements:

      • Mail configured.

      1) Create a test user, with manual auth_type

      2) Temp hack the code for auth_manual to set a custom change password url which uses the $USER global, and trick Moodle into thinking it is an external auth type. Open the /auth/manual/auth.php file and change the following methods to make them look like this:

      function change_password_url() {
          global $USER;
          return 'https://example.com/'.$USER->id;
      }
      function is_internal() {
          return false;
      }
      function can_reset_password() {
          return false;
      }
      

      3) Log out

      4) Visit the password forgot page: /login/forgot_password.php

      5) Enter the test username or email.

      6) Check it sends an email with this url. Check the user id appears at the end of this URL (in the example below, 123)

      To change your password, please go to the following web address:
      https://example.com/123
      


      The auth api explicitly says that change_password_url() can use the $USER global:

      https://github.com/moodle/moodle/blob/master/lib/authlib.php#L155

      But this contract is broken when it uses this in the forgot password process when they are not currently logged in:

      https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L6526

       

      We have some custom auth plugins where you can get a nicer user experience by deep linking to the user's profile page or password change URL for that user; it's not a generic URL (or the generic URL requires an extra couple of clicks to get where you want to go).

            brendanheywood Brendan Heywood
            Peter Burnett
            Sara Arjona (@sarjona)
            Gladys Basiana
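The mismatch this issue describes, as an added stand-alone example (not Moodle code and not the change made for this issue): a plugin method that reads the $USER global returns a link for whoever owns the current request, so a caller acting on behalf of another account has to present that account as $USER for the call and then restore the original. The class and function names and the sample users are hypothetical, and id 0 is an assumed stand-in for a request that is not logged in.

```php
<?php
// Stand-alone sketch: nothing here is Moodle's own code; it only mimics the
// shape of the plugin method quoted in the testing instructions.

// Hypothetical external auth plugin that deep-links per user via $USER.
class example_auth_plugin {
    public function change_password_url() {
        global $USER;
        return 'https://example.com/' . $USER->id;
    }
}

// Caller as described in the issue: $USER is the owner of the current request
// (nobody, on the forgot-password page), not the account being recovered.
function password_link_naive(example_auth_plugin $auth, stdClass $target) {
    return $auth->change_password_url();
}

// Caller that honours the contract: the target account is $USER only for the
// duration of the call. Restoring in finally matters: if the plugin throws,
// the rest of the request must not keep running with the target's identity.
function password_link_for_user(example_auth_plugin $auth, stdClass $target) {
    global $USER;
    $saved = $USER;
    $USER = clone $target; // Copy, so the plugin cannot alter the caller's record.
    try {
        return $auth->change_password_url();
    } finally {
        $USER = $saved;
    }
}

// Constructed sample data: a not-logged-in request asking about user 123.
$USER = (object) ['id' => 0, 'username' => 'guest'];
$target = (object) ['id' => 123, 'username' => 'testuser'];
$auth = new example_auth_plugin();

// First line shows the link built from the requester, second from the target,
// third confirms the request's own $USER is unchanged afterwards.
echo password_link_naive($auth, $target), "\n";
echo password_link_for_user($auth, $target), "\n";
echo $USER->id, "\n";
```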