Better hide reset password functionality for LDAP users

Signed-off-by: snipe <snipe@snipe.net>
2025-02-02 08:21:09 -08:00 · 2025-01-17 18:51:08 +00:00 · 2025-01-17 18:51:08 +00:00 · e9ad43afbe
parent 7e65d68392
commit e9ad43afbe
5 changed files with 26 additions and 15 deletions
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@ -103,22 +103,24 @@ class ResetPasswordController extends Controller
                    ], $messages);
            }

+            if ($user->ldap_import != '1') {

-            // set the response
-            $response = $broker->reset(
-                $this->credentials($request), function ($user, $password) {
-                $this->resetPassword($user, $password);
-            });
+                    // set the response
+                    $response = $broker->reset(
+                        $this->credentials($request), function ($user, $password) {
+                        $this->resetPassword($user, $password);
+                    });

-            // Check if the password reset above actually worked
-            if ($response == \Password::PASSWORD_RESET) {
-                Log::debug('Password reset for '.$user->username.' worked');
-                return redirect()->guest('login')->with('success', trans('passwords.reset'));
+                    // Check if the password reset above actually worked
+                    if ($response == \Password::PASSWORD_RESET) {
+                        Log::debug('Password reset for ' . $user->username . ' worked');
+                        return redirect()->guest('login')->with('success', trans('passwords.reset'));
+                    }
+
+                    Log::debug('Password reset for ' . $user->username . ' FAILED - this user exists but the token is not valid');
+                    return redirect()->back()->withInput($request->only('email'))->with('success', trans('passwords.reset'));
            }

-            Log::debug('Password reset for '.$user->username.' FAILED - this user exists but the token is not valid');
-            return redirect()->back()->withInput($request->only('email'))->with('success', trans('passwords.reset'));
-
        }


--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@ -99,9 +99,13 @@ class ProfileController extends Controller
     * User change email page.
     *
     */
-    public function password() : View
+    public function password() : View | RedirectResponse
    {
+
        $user = auth()->user();
+        if ($user->ldap_import=='1') {
+            return redirect()->route('account')->with('error', trans('admin/users/message.error.password_ldap'));
+        }
        return view('account/change-password', compact('user'));
    }

@ -116,7 +120,7 @@ class ProfileController extends Controller

        $user = auth()->user();
        if ($user->ldap_import == '1') {
-            return redirect()->route('account.password.index')->with('error', trans('admin/users/message.error.password_ldap'));
+            return redirect()->route('account')->with('error', trans('admin/users/message.error.password_ldap'));
        }

        $rules = [
--- a/app/Http/Controllers/Users/BulkUsersController.php
+++ b/app/Http/Controllers/Users/BulkUsersController.php
@ -70,7 +70,7 @@ class BulkUsersController extends Controller
            // bulk password reset, just do the thing
            } elseif ($request->input('bulk_actions') == 'bulkpasswordreset') {
                foreach ($users as $user) {
-                    if (($user->activated == '1') && ($user->email != '')) {
+                    if (($user->activated == '1') && ($user->email != '') && ($user->ldap_import != '1')) {
                        $credentials = ['email' => $user->email];
                        Password::sendResetLink($credentials/* , function (Message $message) {
                        $message->subject($this->getEmailSubject()); // TODO - I'm not sure if we still need this, but this second parameter is no longer accepted in later Laravel versions.
--- a/resources/views/account/view-assets.blade.php
+++ b/resources/views/account/view-assets.blade.php
@ -109,12 +109,15 @@
                    </a>
                  </div>
                @endcan
+
+                @if ($user->ldap_import!='1')
                <div class="col-md-12" style="padding-top: 5px;">
                  <a href="{{ route('account.password.index') }}" style="width: 100%;" class="btn btn-sm btn-primary btn-social btn-block hidden-print" target="_blank" rel="noopener">
                    <x-icon type="password" class="fa-fw" />
                    {{ trans('general.changepassword') }}
                  </a>
                </div>
+                @endif

                @can('self.api')
                <div class="col-md-12" style="padding-top: 5px;">
--- a/resources/views/layouts/default.blade.php
+++ b/resources/views/layouts/default.blade.php
@ -373,12 +373,14 @@ dir="{{ Helper::determineLanguageDirection() }}">
                                        </li>
                                        @endcan

+                                        @if (Auth::user()->ldap_import!='1')
                                        <li>
                                            <a href="{{ route('account.password.index') }}">
                                                <x-icon type="password" class="fa-fw" />
                                                {{ trans('general.changepassword') }}
                                            </a>
                                        </li>
+                                        @endif


                                        @can('self.api')