Auth: Add disabling the password reset page

Ilya Prokopenko 2023-05-26 16:27:40 +07:00
parent 29716660c7
commit 95a62f56e0
No known key found for this signature in database
GPG key ID: 7736BBBB05F14A56
3 changed files with 8 additions and 1 deletions


@ -207,6 +207,9 @@ final class AuthPresenter extends OpenVKPresenter
function renderFinishRestoringPassword(): void
{
if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
$this->notFound();
$request = $this->restores->getByToken(str_replace(" ", "+", $this->queryParam("key")));
if(!$request || !$request->isStillValid()) {
$this->flash("err", tr("token_manipulation_error"), tr("token_manipulation_error_comment"));
@ -241,6 +244,9 @@ final class AuthPresenter extends OpenVKPresenter
function renderRestore(): void
{
if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'])
$this->notFound();
if(!is_null($this->user))
$this->redirect($this->user->identity->getURL());
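Review bot: Both guards read `OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']` with no fallback, so unless the config loader merges defaults (not visible here), an installation whose config file predates this commit gets an undefined-array-key warning on PHP 8 and a falsy condition, which leaves password reset enabled even though the sample config ships it disabled. Make the default explicit and choose it deliberately, e.g. `if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring'] ?? false)`; the `{if}` added to the login template uses the same expression and has the same gap. The guards also depend on `notFound()` ending the request, which this page does not show; if it can return, the token lookup in renderFinishRestoringPassword still runs, so braces with a `return;` after the call would make the guard hold either way. Both method bodies continue outside the hunks.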


@ -220,7 +220,7 @@
<input type="hidden" name="hash" value="{$csrfToken}" />
<input type="submit" value="{_log_in}" class="button" style="display: inline-block; font-family: Tahoma" />
<a href="/reg"><input type="button" value="{_registration}" class="button" style="font-family: Tahoma" /></a><br><br>
<a href="/restore">{_forgot_password}</a>
{if !OPENVK_ROOT_CONF['openvk']['preferences']['security']['disablePasswordRestoring']}<a href="/restore">{_forgot_password}</a>{/if}
</form>
{/ifset}
</div>


@ -28,6 +28,7 @@ openvk:
forcePhoneVerification: false
forceEmailVerification: false
forceStrongPassword: false
disablePasswordRestoring: true # turn this off if you have configured e-mail sending correctly
enableSu: true
rateLimits:
actions: 5
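Review bot: The comment on `disablePasswordRestoring` is ambiguous next to a negative-sense flag, because "turn this off" can be read as switching off the reset page rather than switching off the flag. State the value and its effect instead, e.g. `disablePasswordRestoring: true # set to false to enable the password reset page once e-mail sending is configured`. The sample therefore ships with reset disabled, which is worth stating in the comment so operators know self-service recovery is unavailable until they change it.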