Project

General

Profile

Actions

Patch #21436

closed

Prevent admins from sending themselves their own password

Added by Jan from Planio www.plan.io almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Category:
Accounts / authentication
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

As an admin, when setting one's own password via Users#edit instead of via the "proper form" at My#password, there should not be an option to send the password in plaintext to oneself.

IMO, the "send account information" option is made for cases where a new login/password need to be transmitted to another user after they have been set by the admin. When setting one's own password (even as admin), there should be no reason (or possibility) to send it via email.

The attached patch solves this issue.


Files


Related issues

Related to Redmine - Defect #13197: Don't send password in plain text via email after registrationClosed

Actions
Actions #1

Updated by Jan from Planio www.plan.io almost 9 years ago

  • Related to Defect #13197: Don't send password in plain text via email after registration added
Actions #2

Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version changed from Candidate for next minor release to 3.2.1

Thanks.

Actions #3

Updated by Jean-Philippe Lang almost 9 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF