Project

General

Profile

Actions
Copy link

Patch #21436

closed

Prevent admins from sending themselves their own password

Added by Jan from Planio www.plan.io over 8 years ago. Updated over 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Accounts / authentication
Target version:
3.2.1
Start date:
Due date:
% Done:

0%

Estimated time:

Description

As an admin, when setting one's own password via Users#edit instead of via the "proper form" at My#password, there should not be an option to send the password in plaintext to oneself.

IMO, the "send account information" option is made for cases where a new login/password need to be transmitted to another user after they have been set by the admin. When setting one's own password (even as admin), there should be no reason (or possibility) to send it via email.

The attached patch solves this issue.

Files

0001-Prevent-admins-from-sending-themselves-their-own-pas.patch (1.62 KB) 0001-Prevent-admins-from-sending-themselves-their-own-pas.patch Jan from Planio www.plan.io, 2015-12-06 17:25

Related issues

Related to Redmine - Defect #13197: Don't send password in plain text via email after registrationClosed

Actions
Actions
Copy link
 #1

Updated by Jan from Planio www.plan.io over 8 years ago

  • Related to Defect #13197: Don't send password in plain text via email after registration added
Actions
Copy link
 #2

Updated by Jean-Philippe Lang over 8 years ago

  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 3.2.1

Thanks.

Actions
Copy link
 #3

Updated by Jean-Philippe Lang over 8 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF