Commit 0285f011 authored by Arnaud Pauget's avatar Arnaud Pauget

Merge branch 'Support/2.6.X' into 'master'

Support/2.6.x

See merge request !474
parents ad53bf18 e3e1122d
Pipeline #8033 failed with stages
# CHANGELOG
## Version 2.6.4
- `Fixed` Correction faille de sécurité concernant le vol de compte via l'interface de login
## Version 2.6.3
- `Fixed` Possiblité de verser en mode transactionnel via bordereau, avec des pièces de plus de 2Mo
......
2.6.3
\ No newline at end of file
2.6.4
\ No newline at end of file
......@@ -182,7 +182,13 @@ class userAuthentication
*/
public function definePassword($userName, $oldPassword, $newPassword, $requestPath)
{
if ($userAccount = $this->sdoFactory->read('auth/account', array('accountName' => $userName))) {
$tempToken = \laabs::getToken('TEMP-AUTH');
if ($this->sdoFactory->exists('auth/account', array('accountName' => $userName))
&& $userAccount = $this->sdoFactory->read('auth/account', array('accountName' => $userName))
&& !is_null($tempToken)
&& $tempToken->accountId == $userAccount->accountId) {
$this->checkPasswordPolicies($newPassword);
$encryptedPassword = $newPassword;
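Review bot: In the new condition the assignment `$userAccount = $this->sdoFactory->read(...)` is not parenthesised, and because `&&` binds tighter than `=`, PHP assigns the result of the whole remaining chain (`read(...) && !is_null($tempToken) && $tempToken->accountId == $userAccount->accountId`) to `$userAccount`. The token check therefore reads `$userAccount->accountId` before the variable holds the account (nothing in the visible lines assigns it earlier), and afterwards `$userAccount` is a boolean rather than the account object. Wrap the assignment, `&& ($userAccount = $this->sdoFactory->read('auth/account', array('accountName' => $userName)))`, and compare the ids with `===` (assuming both are the same type) so type juggling cannot make two different ids match. The rest of definePassword lies outside the hunk, so later uses of `$userAccount` should be checked against this.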
......
......@@ -116,7 +116,12 @@ class authentication
public function definePassword($requestPath)
{
$json = $this->json;
$json->status = true;
$json->message = "Password changed.";
if ($requestPath === false) {
$json->status = false;
$json->message = "Password not changed.";
}
$json->requestPath = $requestPath;
return $json->save();
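Review bot: Success is the default here and only the exact sentinel `false` switches the response to "Password not changed.", so any other failure value returned by the controller (`null`, an empty string) would still be reported as a changed password. The controller's failure path is not visible on this page, so this is worth confirming; if a path string is the only success value, `if (!is_string($requestPath) || $requestPath === '')` is the safer test. No docblock is visible in the hunk stating that `$requestPath` doubles as the failure flag; `@param string|false $requestPath Redirect path on success, false when the password was not changed` would document that contract. The method's closing brace is outside the hunk.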
......