MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-11-07 21:02:53 -05:00
Code Issues Packages Projects Releases Wiki Activity

Revert "allow password resets when using allowaccountreset and reset together #6261"

Browse Source 
This reverts commit 8e5aa35bf3.
This commit is contained in:
si458
2024-09-30 17:30:07 +01:00
parent 113adb5b85
commit 41d1f9d26f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
webserver.js
View File

@@ -1635,7 +1635,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
const sec = parent.decryptSessionData(req.session.e); const sec = parent.decryptSessionData(req.session.e);
// Check everything is ok // Check everything is ok
const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (typeof domain.passwordrequirements.reset === 'number' && domain.passwordrequirements.allowaccountreset !== false)); const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.allowaccountreset !== false));
if ((allowAccountReset === false) || (domain == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.body.rpassword1 != 'string') || (typeof req.body.rpassword2 != 'string') || (req.body.rpassword1 != req.body.rpassword2) || (typeof req.body.rpasswordhint != 'string') || (req.session == null) || (typeof sec.rtuser != 'string') || (typeof sec.rtpass != 'string')) { if ((allowAccountReset === false) || (domain == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.body.rpassword1 != 'string') || (typeof req.body.rpassword2 != 'string') || (req.body.rpassword1 != req.body.rpassword2) || (typeof req.body.rpasswordhint != 'string') || (req.session == null) || (typeof sec.rtuser != 'string') || (typeof sec.rtpass != 'string')) {
parent.debug('web', 'handleResetPasswordRequest: checks failed'); parent.debug('web', 'handleResetPasswordRequest: checks failed');
delete req.session.e; delete req.session.e;