From c047a7b990094da8af1c69ac0f77b0a8c91bf4f8 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Mon, 3 Mar 2014 17:46:02 +1300 Subject: [PATCH] Reset FailedLoginCount on successful password reset --- security/ChangePasswordForm.php | 5 +++++ tests/security/SecurityTest.php | 7 +++++++ 2 files changed, 12 insertions(+) diff --git a/security/ChangePasswordForm.php b/security/ChangePasswordForm.php index 2dfbe51f3..be5d90313 100644 --- a/security/ChangePasswordForm.php +++ b/security/ChangePasswordForm.php @@ -104,6 +104,11 @@ class ChangePasswordForm extends Form { // TODO Add confirmation message to login redirect Session::clear('AutoLoginHash'); + + // Clear locked out status + $member->LockedOutUntil = null; + $member->FailedLoginCount = null; + $member->write(); if (isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] diff --git a/tests/security/SecurityTest.php b/tests/security/SecurityTest.php index 0f76c7ac6..90d1cb617 100644 --- a/tests/security/SecurityTest.php +++ b/tests/security/SecurityTest.php @@ -213,6 +213,9 @@ class SecurityTest extends FunctionalTest { public function testChangePasswordFromLostPassword() { $admin = $this->objFromFixture('Member', 'test'); + $admin->FailedLoginCount = 99; + $admin->LockedOutUntil = SS_Datetime::now()->Format('Y-m-d H:i:s'); + $admin->write(); $this->assertNull($admin->AutoLoginHash, 'Hash is empty before lost password'); @@ -243,6 +246,10 @@ class SecurityTest extends FunctionalTest { $goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword'); $this->assertEquals(302, $goodResponse->getStatusCode()); $this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs')); + + $admin = DataObject::get_by_id('Member', $admin->ID, false); + $this->assertNull($admin->LockedOutUntil); + $this->assertEquals(0, $admin->FailedLoginCount); } public function testRepeatedLoginAttemptsLockingPeopleOut() {