• Home
  • Categories
  • Recent
  • Popular
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
v3.5.2 Latest
Buy Hosting

Disallow editing password, email, ...

Scheduled Pinned Locked Moved Unsolved Plugin Development
6 Posts 4 Posters 1.9k Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Offline
    A Offline
    alexschomb
    wrote on last edited by
    #1

    The admin interface already allows to "disable username changes". Is there an existing way to disable changes for user passwords, email addresses or other user fields (e.g. fullname) as well? This would be incredibly useful with custom authentication plugins.

    NicolasN 1 Reply Last reply
    0
  • HolyPhoenixH Offline
    HolyPhoenixH Offline
    HolyPhoenix Anime Lovers
    wrote on last edited by
    #2

    I would never block a user to change their password or email. These are things that, if the user ends up having them hijacked, they will want to be able to change easily on all sites they visit. Plus, there is a better chance you will get their most up to date email and most secure passwords on your website. It keeps them and you safe as well as in contact. I can't think of a single reason you'd lock those.

    1 Reply Last reply
    1
  • NicolasN Offline
    NicolasN Offline
    Nicolas Plugin & Theme Dev
    replied to alexschomb on last edited by
    #3

    @alexschomb

    • 5 min way: just remove them from template
    • +15 min way: also return 403 for edit routes (res.render('403', {}))

    In both cases you edit source files.
    I just described one of the possible options, how you can solve your problem 😉

    1 Reply Last reply
    0
  • A Offline
    A Offline
    alexschomb
    wrote on last edited by alexschomb
    #4

    @HolyPhoenix We're using our own Identity Management database that already allows changing user passwords or emails. That's why it can be counter productive enabling users to change their forum password or email. Other administrators using OAuth or similar SSO utilities would agree.

    @Nicolas Thanks for your solution. I hoped for a more update-safe way like an override function, but it appears there is none, yet. I'll try designing my own theme. 🙂

    1 Reply Last reply
    0
  • A Offline
    A Offline
    alexschomb
    wrote on last edited by
    #5

    I tried implementing the functionality in nodeBB and persona the same way it is implemented for username:disableEdit. Apparently that doesn't work. The Disable username changes switch in den Admin panel doesn't do anything. Maybe this functionality is not feature complete, yet? @julian

    1 Reply Last reply
    0
  • julianJ Offline
    julianJ Offline
    julian GNU/Linux
    wrote on last edited by
    #6

    @baris possibly a regression?

    1 Reply Last reply
    0

Copyright © 2023 NodeBB | Contributors
  • Login

  • Don't have an account? Register

  • Login or register to search.
Powered by NodeBB Contributors
  • First post
    Last post
0
  • Home
  • Categories
  • Recent
  • Popular
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development