Reset FailedLoginCount on successful password reset

Ingo Schommer 2014-03-03 17:46:02 +13:00
parent 41cdacba06
commit c047a7b990
2 changed files with 12 additions and 0 deletions


@ -105,6 +105,11 @@ class ChangePasswordForm extends Form {
// TODO Add confirmation message to login redirect // TODO Add confirmation message to login redirect
Session::clear('AutoLoginHash'); Session::clear('AutoLoginHash');
// Clear locked out status
$member->LockedOutUntil = null;
$member->FailedLoginCount = null;
$member->write();
if (isset($_REQUEST['BackURL']) if (isset($_REQUEST['BackURL'])
&& $_REQUEST['BackURL'] && $_REQUEST['BackURL']
// absolute redirection URLs may cause spoofing // absolute redirection URLs may cause spoofing
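Review bot: `$member->FailedLoginCount = null;` stores null in what reads as a counter, and the accompanying test only checks it with a loose `assertEquals(0, …)`, so the stored value is not pinned down; `$member->FailedLoginCount = 0;` would make the reset explicit. The enclosing method starts and ends outside this hunk, so it is not visible whether these three lines are reached only after the new password has been accepted. If any earlier failure path can fall through to here, the lockout would be lifted without a successful change, which would weaken the brute-force protection. If the guarantee holds, the comment could say so, e.g. `// Clear locked out status; only reached after the password change succeeded`.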


@ -213,6 +213,9 @@ class SecurityTest extends FunctionalTest {
public function testChangePasswordFromLostPassword() { public function testChangePasswordFromLostPassword() {
$admin = $this->objFromFixture('Member', 'test'); $admin = $this->objFromFixture('Member', 'test');
$admin->FailedLoginCount = 99;
$admin->LockedOutUntil = SS_Datetime::now()->Format('Y-m-d H:i:s');
$admin->write();
$this->assertNull($admin->AutoLoginHash, 'Hash is empty before lost password'); $this->assertNull($admin->AutoLoginHash, 'Hash is empty before lost password');
@ -243,6 +246,10 @@ class SecurityTest extends FunctionalTest {
$goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword'); $goodResponse = $this->doTestLoginForm('sam@silverstripe.com' , 'changedPassword');
$this->assertEquals(302, $goodResponse->getStatusCode()); $this->assertEquals(302, $goodResponse->getStatusCode());
$this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs')); $this->assertEquals($this->idFromFixture('Member', 'test'), $this->session()->inst_get('loggedInAs'));
$admin = DataObject::get_by_id('Member', $admin->ID, false);
$this->assertNull($admin->LockedOutUntil);
$this->assertEquals(0, $admin->FailedLoginCount);
} }
public function testRepeatedLoginAttemptsLockingPeopleOut() { public function testRepeatedLoginAttemptsLockingPeopleOut() {
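Review bot: The setup puts `LockedOutUntil` at `SS_Datetime::now()`, which is presumably already in the past when the final login runs, so the 302 and `loggedInAs` assertions would likely pass even if the reset left the lockout in place. A timestamp in the future, e.g. `date('Y-m-d H:i:s', time() + 3600)`, would make the login itself prove that an active lockout was lifted. Separately, `assertEquals(0, $admin->FailedLoginCount)` compares loosely and passes for both `0` and `null`; a strict assertion on the value the ORM is expected to return would pin the behaviour. The part of the test between the two hunks is not shown.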