Child pages
  • [security] Forgot password for Administrators [5.3.0-B1]
Skip to end of metadata
Go to start of metadata

Almost each In-Portal theme has a feature, that allows Front-End users to reset their password in case if they forgot it. Unfortunately same can't be said for Administrators. When any of administrators forgets his/her password, then they're out of luck.

Solution

  1. change "u:OnResetLostPassword" event to call "$this->setNextTemplate($event);" at the end - 0.3h
  2. on "/login.tpl" template move code in <inp2:m_if check="m_Param" name="http_auth"> block, that is located after footer div into same IF in main page part - 0.2h
  3. create "/designs/without_login_design.tpl" design based on "/login.tpl" template, where configurable part would be rendered inside <inp2:m_if check="m_Param" name="http_auth"> IF statement - 0.4h
  4. refactor "/login.tpl" template to use "/designs/without_login_design.tpl" design - 0.1h
  5. modify the "u:OnForgotPassword" event to: - 0.4h
    1. when used from Admin Console, then allow resetting password of Administrators only (UserType=1)
    2. when used from Front-End, then allow resetting password of Regular users only (UserType=0)
  6. create "/login/forgot_password_reset_notice.tpl" template (use "/designs/without_login_design.tpl" design) like template with same name from "advanced" theme, that will: - 0.5h
    1. show heading & text (create missing admin phrases with adapted from Front-End texts)
    2. show link/button for going back to homepage (that internally would redirect to login page anyway)
  7. create "/login/forgot_password_reset.tpl" template (use "/designs/without_login_design.tpl" design) like template with same name from "advanced" theme, that will: - 0.5h
    1. show heading & text (create missing admin phrases with adapted from Front-End texts)
    2. show inputs for entering new password
    3. have "next_template" hidden field with "index" value
    4. have button, that would submit form with "u.forgot:OnResetLostPassword" event
  8. create "/login/forgot_password.tpl" template (use "/designs/without_login_design.tpl" design) like template with same name from "advanced" theme, that: - 0.5h
    1. allows entering username/e-mail via single field
    2. have "template_success" hidden field with "login/forgot_password_reset_notice" value
    3. have "reset_confirm_template" hidden field with "login/forgot_password_reset" value
    4. have single button, that once pressed will submit the form using "u:OnForgotPassword" event
  9. add "Forgot Password?" link (only when "DBG_RESET_ROOT" constant isn't defined) to the bottom of Admin Console login form, that once clicked would redirect to "/login/forgot_password.tpl" template - 0.1h

Quote: 3h*1.4 (doing) + 1h (quoting) = 5h

Related Discussions

Related Tasks

INP-1681 - Getting issue details... STATUS