Skip to content
Snippets Groups Projects
Commit 544d82d2 authored by Mykhailo Sokolovskyi's avatar Mykhailo Sokolovskyi Committed by AohRveTPV
Browse files

Issue #2779135 by l0ke, AohRveTPV, BR0kEN: "Delay" constraint allow to change...

Issue #2779135 by l0ke, AohRveTPV, BR0kEN: "Delay" constraint allow to change system-generated password
parent 5607c129
No related branches found
Tags 8.x-4.4
No related merge requests found
......@@ -40,7 +40,7 @@
}
$.post(
Drupal.settings.basePath + cleanUrlPrefix + Drupal.settings.pathPrefix + 'password_policy/check',
Drupal.settings.basePath + cleanUrlPrefix + Drupal.settings.pathPrefix + 'password_policy/check' + window.location.search,
data,
function (data) {
pw_status = data;
......
......@@ -69,6 +69,15 @@ function password_policy_delay_constraint($password, $account, $constraint) {
return TRUE;
}
// If user has only system-generated password, uses one-time link and has the
// token in the URL, don't apply constraint.
$is_password_generated = variable_get('user_email_verification', TRUE) && count($account->password_history) == 1;
$is_one_time_login = isset($_SESSION['pass_reset_' . $account->uid], $_GET['pass-reset-token']) && $_GET['pass-reset-token'] === $_SESSION['pass_reset_' . $account->uid];
if ($is_password_generated && $is_one_time_login) {
return TRUE;
}
// Apply constraint if last number of password changes defined by threshold
// happened too recently.
return $account->password_history[$password_index]->created <= strtotime('-' . $constraint->config['delay']);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment