We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
pwm
1
0
複刻 0
Files 問題管理 0 合併請求 0 Wiki
瀏覽代碼

Trying to cancel forgotten password after inputting the token doesn't cancel.

Fixed a problem where the temporary authentication wasn't getting cleared out, which was causing the change password page to keep being shown, even after clicking cancel.
James Albright 9 年之前
父節點
9c754d3f96
當前提交
eeb456063d
共有 2 個文件被更改,包括 13 次插入1 次删除
分割檢視 顯示文件統計
  1. 10 0
      src/main/java/password/pwm/http/servlet/ChangePasswordServlet.java
  2. 3 1
      src/main/webapp/WEB-INF/jsp/changepassword.jsp

+ 10 - 0
src/main/java/password/pwm/http/servlet/ChangePasswordServlet.java
查看文件 

@@ -91,6 +91,7 @@ public class ChangePasswordServlet extends AbstractPwmServlet {
 
         form(HttpMethod.POST),
 
         agree(HttpMethod.POST),
 
         warnResponse(HttpMethod.POST),
 
+        reset(HttpMethod.POST),
 
 
         ;
 
 
@@ -178,6 +179,15 @@ public class ChangePasswordServlet extends AbstractPwmServlet {
 
 
                 case agree:
 
                     handleAgreeRequest(pwmRequest, changePasswordBean);
 
+
 
+                case reset:
 
+                    if (pwmSession.getUserInfoBean().isRequiresNewPassword()) {
 
+                        // Must have gotten here from the "Forgotton Password" link.  Better clear out the temporary authentication
 
+                        pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
 
+                    }
 
+
 
+                    pwmRequest.sendRedirect(pwmRequest.getHttpServletRequest().getContextPath());
 
+                    break;
 
             }
 
         }

+ 3 - 1
src/main/webapp/WEB-INF/jsp/changepassword.jsp
查看文件 

@@ -115,7 +115,9 @@
 
                 <pwm:display key="Button_ChangePassword"/>
 
             </button>
 
             <% if (!passwordStatus.isExpired() && !passwordStatus.isPreExpired() && !passwordStatus.isViolatesPolicy()) { %>
 
-                <form action="<pwm:url addContext='true' url='/' />" method="GET">
 
+                <form action="<pwm:current-url/>" method="post" enctype="application/x-www-form-urlencoded" style="display: inline;">
 
+                    <input type="hidden" name="processAction" value="reset"/>
 
+                    <input type="hidden" name="pwmFormID" id="pwmFormID" value="<pwm:FormID/>"/>
 
                     <button type="submit" name="change" class="btn">
 
                         <pwm:if test="<%=PwmIfTest.showIcons%>"><span class="btn-icon pwm-icon pwm-icon-forward"></span></pwm:if>
 
                         <pwm:display key="Button_Cancel"/>

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5