Skip to content
Unverified Commit a843d3c5 authored by Arthur Schiwon's avatar Arthur Schiwon
Browse files

allow using of disabled password reset mechanism for special cases



- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
  that password reset is disabled
- setPassword() got its check removed as it is behind CSFR anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: default avatarArthur Schiwon <blizzz@arthur-schiwon.de>
parent 99a14680
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment