Hello,
I don't want my users to be able to set their own passwords. Attached
patch adds the configuration option "usercanchangepassword" that
defaults to true.
The extra test for OC_User::canUserChangePassword($username) in
ajax/changepassword.php is probably a good measure even when not adding
the extra config option.
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
--- settings/ajax/changepassword.php.000 2013-08-11 22:02:00.000000000 +0200
+++ settings/ajax/changepassword.php 2013-08-24 23:23:22.220112616 +0200
@@ -55,7 +55,7 @@ if (\OCP\App::isEnabled('files_encryptio
}
}
} else { // if user changes his own password or if encryption is disabled, proceed
- if (!is_null($password) && OC_User::setPassword($username, $password)) {
+ if (!is_null($password) && OC_User::canUserChangePassword($username) && OC_User::setPassword($username, $password)) {
OC_JSON::success(array('data' => array('username' => $username)));
} else {
OC_JSON::error(array('data' => array('message' => 'Unable to change password')));
--- lib/user.php.000 2013-08-11 22:02:00.000000000 +0200
+++ lib/user.php 2013-08-24 23:26:55.653129608 +0200
@@ -428,6 +428,9 @@ class OC_User {
* Check whether a specified user can change his password
*/
public static function canUserChangePassword($uid) {
+ if (OC_Config::getValue('usercanchangepassword', true) == false) {
+ return false;
+ }
foreach(self::$_usedBackends as $backend) {
if($backend->implementsActions(OC_USER_BACKEND_SET_PASSWORD)) {
if($backend->userExists($uid)) {
_______________________________________________
Owncloud mailing list
[email protected]
https://mail.kde.org/mailman/listinfo/owncloud
