FIX: Allow staff to reset passwords by username (#15709)

When staff visits the user profile of another user, the `email` field
in the model is empty. In this case, staff cannot send the reset email
password because nothing is passed in the `login` field.

This commit changes the behavior for staff users to allow resetting
password by username instead.
Dan Ungureanu
2022-01-26 10:39:58 +02:00
committed by GitHub
parent f43bba8d59
commit f5b94f152f
3 changed files with 12 additions and 2 deletions

@ -434,7 +434,7 @@ class SessionController < ApplicationController
RateLimiter.new(nil, "forgot-password-hr-#{request.remote_ip}", 6, 1.hour).performed!
RateLimiter.new(nil, "forgot-password-min-#{request.remote_ip}", 3, 1.minute).performed!
user = if SiteSetting.hide_email_address_taken
user = if SiteSetting.hide_email_address_taken && !current_user&.staff?
raise Discourse::InvalidParameters.new(:login) if EmailValidator.email_regex !~ normalized_login_param
User.real.where(staged: false).find_by_email(Email.downcase(normalized_login_param))
else
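Review bot: The added `&& !current_user&.staff?` on the changed `user = if` line makes every staff account skip both the `EmailValidator.email_regex` check and the email-only lookup that `hide_email_address_taken` enforces, and nothing at that line says why. Add a short comment there explaining that staff reach this action from another user's profile, where `email` is empty, so the lookup has to accept a username. The two `RateLimiter` calls above the condition are keyed on `request.remote_ip` and still run for staff, which is worth keeping as is. If the other changed files do not already cover it, add a spec asserting that with `hide_email_address_taken` enabled, an anonymous or non-staff request with a non-email `login` still raises `Discourse::InvalidParameters`, so the staff exception cannot widen unnoticed.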