Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2024-11-11 01:19:53 +03:00
Code Issues Projects Releases Packages Wiki Activity

Auth: Add disabling the password reset page

Browse source
This commit is contained in:
Ilya Prokopenko 2023-05-26 16:27:40 +07:00
parent 29716660c7
commit 95a62f56e0
No known key found for this signature in database
GPG key ID: 7736BBBB05F14A56
3 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Web/Presenters/AuthPresenter.php
View file

@ -207,6 +207,9 @@ final class AuthPresenter extends OpenVKPresenter
function renderFinishRestoringPassword(): void function renderFinishRestoringPassword(): void
{ {
if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
$this->notFound();
$request = $this->restores->getByToken(str_replace(" ", "+", $this->queryParam("key"))); $request = $this->restores->getByToken(str_replace(" ", "+", $this->queryParam("key")));
if(!$request || !$request->isStillValid()) { if(!$request || !$request->isStillValid()) {
$this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment")); $this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
@ -241,6 +244,9 @@ final class AuthPresenter extends OpenVKPresenter
function renderRestore(): void function renderRestore(): void
{ {
if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
$this->notFound();
if(!is_null($this->user)) if(!is_null($this->user))
$this->redirect($this->user->identity->getURL()); $this->redirect($this->user->identity->getURL());

2
Web/Presenters/templates/@layout.xml
View file

@ -220,7 +220,7 @@
<input type="hidden" name="hash" value="{$csrfToken}" /> <input type="hidden" name="hash" value="{$csrfToken}" />
<input type="submit" value="{_log_in}" class="button" style="display: inline-block; font-family: Tahoma" /> <input type="submit" value="{_log_in}" class="button" style="display: inline-block; font-family: Tahoma" />
<a href="/reg"><input type="button" value="{_registration}" class="button" style="font-family: Tahoma" /></a><br><br> <a href="/reg"><input type="button" value="{_registration}" class="button" style="font-family: Tahoma" /></a><br><br>
<a href="/restore">{_forgot_password}</a> {if !OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']}<a href="/restore">{_forgot_password}</a>{/if}
</form> </form>
{/ifset} {/ifset}
</div> </div>

1
openvk-example.yml
View file

@ -28,6 +28,7 @@ openvk:
forcePhoneVerification: false forcePhoneVerification: false
forceEmailVerification: false forceEmailVerification: false
forceStrongPassword: false forceStrongPassword: false
disablePasswordRestoring: true # turn this off if you have configured e-mail sending correctly
enableSu: true enableSu: true
rateLimits: rateLimits:
actions: 5 actions: 5