Patch #21436

Prevent admins from sending themselves their own password

Added by Jan from Planio www.plan.io over 2 years ago. Updated over 2 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Accounts / authentication
Target version:3.2.1

Description

As an admin, when setting one's own password via Users#edit instead of via the "proper form" at My#password, there should not be an option to send the password in plaintext to oneself.

IMO, the "send account information" option is made for cases where a new login/password need to be transmitted to another user after they have been set by the admin. When setting one's own password (even as admin), there should be no reason (or possibility) to send it via email.

The attached patch solves this issue.

0001-Prevent-admins-from-sending-themselves-their-own-pas.patch Magnifier (1.62 KB) Jan from Planio www.plan.io, 2015-12-06 17:25


Related issues

Related to Redmine - Defect #13197: Don't send password in plain text via email after registr... Closed

Associated revisions

Revision 14966
Added by Jean-Philippe Lang over 2 years ago

Prevent admins from sending themselves their own password (#21436).

Patch by Jan Schulz-Hofen.

History

#1 Updated by Jan from Planio www.plan.io over 2 years ago

  • Related to Defect #13197: Don't send password in plain text via email after registration added

#2 Updated by Jean-Philippe Lang over 2 years ago

  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 3.2.1

Thanks.

#3 Updated by Jean-Philippe Lang over 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF