[Koha-bugs] [Bug 25936] Notify users if their password has changed

bugzilla-daemon at bugs.koha-community.org
Thu Mar 3 17:23:54 CET 2022


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25936

--- Comment #6 from Martin Renvoize <martin.renvoize at ptfs-europe.com> ---
(In reply to Marcel de Rooy from comment #5)
> Great addition. Security++
> 
> Only thing I could say about the code:
> 
> if ( !C4::Auth::checkpw_hash( $password, $self_from_storage->password ) ) {
> 
> I understand this change but it should not really be bound to notify yes or
> no. Could imagine that set_password should check that always and report it?
> Currently the interface lets you change your password while not entering a
> new one.

I went through the same thought process when I wrote that line. I chose to put
it inside the check for two reasons: one, to not require the extra DB hit
unless necessary, and two, I was sure what to do with an exception if we did
throw one.

I decided in the end that it should be handled in the UI if we want to perform
such a check, but should that be in OPAC and staff, or just OPAC, and what
about imports ;).
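
The always-check variant raised in comment #5, sketched as an added example that is not part of the original message and is not Koha code. It is written in Python rather than Perl, uses PBKDF2 as a stand-in for Koha's password hashing, and the `Patron` class, `outbox` list and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumption for this sketch, not a Koha setting


def hash_password(password, salt=b""):
    """Return 'salt_hex$digest_hex' using PBKDF2-HMAC-SHA256 (stand-in scheme)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def check_password(password, stored):
    """Verify a plaintext candidate against a stored salted hash."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


class Patron:
    """Hypothetical in-memory patron; 'outbox' stands in for the notice queue."""

    def __init__(self, password):
        self.password_hash = hash_password(password)
        self.outbox = []

    def set_password(self, new_password, notify=True):
        """Store the new password; return True only if it differs from the old one.

        Fresh salts make two hashes of the same password differ, so comparing
        hash strings cannot detect an unchanged password. The new plaintext has
        to be verified against the hash in storage before it is overwritten,
        which costs one extra read and one hash computation on every call.
        """
        changed = not check_password(new_password, self.password_hash)
        if changed:
            self.password_hash = hash_password(new_password)
            if notify:
                self.outbox.append("Your password was changed.")
        return changed
```

Returning the `changed` flag instead of throwing leaves each caller (OPAC, staff interface, import) free to decide whether an unchanged password is an error.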
