mirror of
https://github.com/Mikaela/Limnoria.git
synced 2024-12-27 21:22:39 +01:00
User: allow owners to change their own password
I don't understand why this restriction exists. If someone gains access to someone else's owner account, they can do a lot worse damage than just changing the owner password. People logging in via NickAuth or hostmasks should be able to change their passwords at will, even if the owner doesn't know his previous password.
This commit is contained in:
parent
d4a71497c4
commit
3879f30d47
@ -126,7 +126,7 @@ class User(callbacks.Plugin):
|
||||
if u._checkCapability('owner'):
|
||||
addHostmask = False
|
||||
else:
|
||||
irc.error(_('Your hostmask is already registered to %s') %
|
||||
irc.error(_('Your hostmask is already registered to %s') %
|
||||
u.name)
|
||||
return
|
||||
except KeyError:
|
||||
@ -196,10 +196,9 @@ class User(callbacks.Plugin):
|
||||
"""[<name>] <old password> <new password>
|
||||
|
||||
Sets the new password for the user specified by <name> to <new
|
||||
password>. Obviously this message must be sent to the bot
|
||||
password>. Obviously this message must be sent to the bot
|
||||
privately (not in a channel). If the requesting user is an owner
|
||||
user (and the user whose password is being changed isn't that same
|
||||
owner user), then <old password> needn't be correct.
|
||||
user, then <old password> needn't be correct.
|
||||
"""
|
||||
try:
|
||||
u = ircdb.users.getUser(msg.prefix)
|
||||
@ -210,7 +209,7 @@ class User(callbacks.Plugin):
|
||||
irc.errorNotRegistered(Raise=True)
|
||||
user = u
|
||||
if user.checkPassword(password) or \
|
||||
(u and u._checkCapability('owner') and not u == user):
|
||||
(u and u._checkCapability('owner')):
|
||||
user.setPassword(newpassword)
|
||||
ircdb.users.setUser(user)
|
||||
irc.replySuccess()
|
||||
|
Loading…
Reference in New Issue
Block a user