FIX mark a successful login attempt when completing a password reset (#…
wilr committed Mar 14, 2024
1 parent 8f48e9b commit 33305ab
Showing 1 changed file with 19 additions and 4 deletions.
23 changes: 19 additions & 4 deletions src/Security/MemberAuthenticator/ChangePasswordHandler.php
@@ -13,6 +13,7 @@
use SilverStripe\ORM\ValidationException;
use SilverStripe\Security\Authenticator;
use SilverStripe\Security\IdentityStore;
use SilverStripe\Security\LoginAttempt;
use SilverStripe\Security\Member;
use SilverStripe\Security\Security;

@@ -119,8 +120,8 @@ public function changepassword()
_t(
'SilverStripe\\Security\\Security.NOTERESETLINKINVALID',
'<p>The password reset link is invalid or expired.</p>'
. '<p>You can request a new one <a href="{link1}">here</a> or change your password after'
. ' you <a href="{link2}">log in</a>.</p>',
. '<p>You can request a new one <a href="{link1}">here</a> or change your password after'
. ' you <a href="{link2}">log in</a>.</p>',
[
'link1' => Security::lost_password_url(),
'link2' => Security::login_url(),
@@ -267,21 +268,35 @@ public function doChangePassword(array $data, $form)
// Clear locked out status
$member->LockedOutUntil = null;
$member->FailedLoginCount = null;

// Clear the members login hashes
$member->AutoLoginHash = null;
$member->AutoLoginExpired = DBDatetime::create()->now();
$member->write();

// Create a successful 'LoginAttempt' as the password is reset
$loginAttempt = LoginAttempt::create();
$loginAttempt->Status = LoginAttempt::SUCCESS;
$loginAttempt->MemberID = $member->ID;

if ($member->Email) {
$loginAttempt->setEmail($member->Email);
}

$loginAttempt->IP = $this->getRequest()->getIP();
$loginAttempt->write();

if ($member->canLogin()) {
$identityStore = Injector::inst()->get(IdentityStore::class);
$identityStore->logIn($member, false, $this->getRequest());
}

$session->clear('AutoLoginHash');

// Redirect to backurl
// Redirect to back url
$backURL = $this->getBackURL();
if ($backURL
if (
$backURL
// Don't redirect back to itself
&& $backURL !== Security::singleton()->Link('changepassword')
) {
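Review bot: In the `doChangePassword()` hunk the `LoginAttempt::SUCCESS` row is written before, and regardless of, the `if ($member->canLogin())` check, so the attempt log records a successful login for this member and IP even when no session is started, and the row looks the same as a credential login to anyone reviewing the log. If the ordering is deliberate (presumably so the success entry ends the run of failed attempts before `canLogin()` is evaluated), the comment should say so, e.g. `// Record a SUCCESS attempt before canLogin(): ends the failed-attempt streak; this row marks a password reset, not a credential login`. It is also worth confirming that this write honours whatever setting the normal login path uses to decide whether attempts are recorded, since it stores the requester's IP unconditionally. `doChangePassword()` starts and ends outside the hunk.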