Auth: Add disabling the password reset page

2024-11-11 01:19:53 +03:00 · 2023-05-26 16:27:40 +07:00 · 2023-05-26 16:27:40 +07:00 · 95a62f56e0
commit 95a62f56e0
parent 29716660c7
3 changed files with 8 additions and 1 deletions
--- a/Web/Presenters/AuthPresenter.php
+++ b/Web/Presenters/AuthPresenter.php
@ -207,6 +207,9 @@ final class AuthPresenter extends OpenVKPresenter
    
    function renderFinishRestoringPassword(): void
    {
+        if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
+            $this->notFound();
+
        $request = $this->restores->getByToken(str_replace(" ", "+", $this->queryParam("key")));
        if(!$request || !$request->isStillValid()) {
            $this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
@ -241,6 +244,9 @@ final class AuthPresenter extends OpenVKPresenter
    
    function renderRestore(): void
    {
+        if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
+            $this->notFound();
+
        if(!is_null($this->user))
            $this->redirect($this->user->identity->getURL());

--- a/Web/Presenters/templates/@layout.xml
+++ b/Web/Presenters/templates/@layout.xml
@ -220,7 +220,7 @@
                            <input type="hidden" name="hash" value="{$csrfToken}" />
                            <input type="submit" value="{_log_in}" class="button" style="display: inline-block; font-family: Tahoma" />
                            <a href="/reg"><input type="button" value="{_registration}" class="button" style="font-family: Tahoma" /></a><br><br>
-                            <a href="/restore">{_forgot_password}</a>
+                            {if !OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']}<a href="/restore">{_forgot_password}</a>{/if}
                        </form>
                    {/ifset}
                </div>
--- a/openvk-example.yml
+++ b/openvk-example.yml
@ -28,6 +28,7 @@ openvk:
            forcePhoneVerification: false
            forceEmailVerification: false
            forceStrongPassword: false
+            disablePasswordRestoring: true # turn this off if you have configured e-mail sending correctly
            enableSu: true
            rateLimits:
                actions: 5