modxcms
New password generation method: send user email # 15461
What does it do?
This is a re-up of #15461 originally by @sdrenth back in 2021, which has gone stale waiting for some minor changes. I've rebased it, tweaked it, tested it, so we can include it in 3.1.
This adds a new option for setting the password when creating/updating a user: send the user a link to set their password. That's more secure and builds upon improvements to the password reset flow that was done in 3.0.
Why is it needed?
Showing the password on screen or manually setting a password is kinda outdated and insecure.
How to test
Create and/or edit a user, and choose "Let the user choose their own password via email" for the password method. Look for the email (make sure you have email delivery set up beforehand) and attempt to set the new password.
Related issue(s)/PR(s)
This PR replaces the stale PR #15461
https://github.com/Sterc/revolution/issues/22 https://github.com/modxcms/revolution/issues/13973 https://github.com/Sterc/revolution/pull/31
Codecov Report
Attention: 77 lines in your changes are missing coverage. Please review.
Comparison is base (
73bfd27) 21.68% compared to head (f20d31e) 21.63%.
Additional details and impacted files
@@ Coverage Diff @@
## 3.x #16519 +/- ##
============================================
- Coverage 21.68% 21.63% -0.05%
- Complexity 10496 10502 +6
============================================
Files 561 561
Lines 31703 31771 +68
============================================
Hits 6875 6875
- Misses 24828 24896 +68
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
@Mark-H — if you have a moment, could you take a look at resolving the conflicts in this so I can get it integrated?
