Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18263

Disable reset password when is not needed

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 12.10.2
    • Fix Version/s: None
    • Component/s: Administration
    • Labels:
      None
    • Difficulty:
      Unknown
    • Similar issues:

      Description

      When a third party authenticator(LDAP, OIDC) is used for user authentication, the Reset password button from the User profile -> Preferences section is displayed, but cannot be used to actually reset the password.
      At this moment there is only one authenticator that is covered from this behavior: LDAP. In order to check if the user profile has the particular object XWiki.LDAPProfileClass, there should be a generic rule for any authenticator.
      While the rule of checking the existence of an object in the user document seems to be a good one , at least we can provide a dynamic way of specifying the class or even a list of classes.
      This can be configurable at xwikivars level, as a simple solution.

      An advanced and maybe a better solution would be to rely on the wiki configuration (xwiki.cfg) and check the authclass parameter. However, we need to also consider that there will still be XWiki users that should be able to reset their passwords.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            acotiuga Alex Cotiugă
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: