Merge pull request #2893 from silverstripe-iterators/pulls/forgot-password-veto

Allow vetoing forgot password requests
2024-10-22 12:05:37 +00:00 · 2014-03-03 12:19:09 +13:00 · 2014-03-03 12:19:09 +13:00 · 41cdacba06
commit 41cdacba06
parent ae31362e21 9afcf8f01a
1 changed files with 21 additions and 4 deletions
--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@ -1,6 +1,14 @@
 <?php
 /**
- * Log-in form for the "member" authentication method
+ * Log-in form for the "member" authentication method.
 *
 * Available extension points:
 * - "authenticationFailed": Called when login was not successful. 
 *    Arguments: $data containing the form submission
 * - "forgotPassword": Called before forgot password logic kicks in, 
 *    allowing extensions to "veto" execution by returning FALSE. 
 *    Arguments: $member containing the detected Member record
 * 
 * @package framework
 * @subpackage security
 */
@ -256,9 +264,12 @@ JS
 	/**
-	 * Forgot password form handler method
+	 * Forgot password form handler method.
-	 *
+	 * Called when the user clicks on "I've lost my password".
-	 * This method is called when the user clicks on "I've lost my password"
+	 * Extensions can use the 'forgotPassword' method to veto executing
 	 * the logic, by returning FALSE. In this case, the user will be redirected back
 	 * to the form without further action. It is recommended to set a message
 	 * in the form detailing why the action was denied.
 	 *
 	 * @param array $data Submitted data
 	 */
@ -267,6 +278,12 @@ JS
 		$SQL_email = $SQL_data['Email'];
 		$member = DataObject::get_one('Member', "\"Email\" = '{$SQL_email}'");
 		// Allow vetoing forgot password requests
 		$results = $this->extend('forgotPassword', $member);
 		if($results && is_array($results) && in_array(false, $results, true)) {
 			return $this->controller->redirect('Security/lostpassword');
 		}
 		if($member) {
 			$token = $member->generateAutologinTokenAndStoreHash();