User: allow owners to change their own password

I don't understand why this restriction exists. If someone gains access to someone else's owner account, they can do a lot worse damage than just changing the owner password. People logging in via NickAuth or hostmasks should be able to change their passwords at will, even if the owner doesn't know his previous password.
2024-11-26 20:59:27 +01:00 · 2016-02-07 12:05:03 -08:00 · 2016-02-07 12:05:03 -08:00 · 3879f30d47
commit 3879f30d47
parent d4a71497c4
1 changed files with 4 additions and 5 deletions
--- a/plugins/User/plugin.py
+++ b/plugins/User/plugin.py
@ -198,8 +198,7 @@ class User(callbacks.Plugin):
            Sets the new password for the user specified by <name> to <new
            password>. Obviously this message must be sent to the bot
            privately (not in a channel). If the requesting user is an owner
-            user (and the user whose password is being changed isn't that same
-            owner user), then <old password> needn't be correct.
+            user, then <old password> needn't be correct.
            """
            try:
                u = ircdb.users.getUser(msg.prefix)
@ -210,7 +209,7 @@ class User(callbacks.Plugin):
                    irc.errorNotRegistered(Raise=True)
                user = u
            if user.checkPassword(password) or \
-               (u and u._checkCapability('owner') and not u == user):
+               (u and u._checkCapability('owner')):
                user.setPassword(newpassword)
                ircdb.users.setUser(user)
                irc.replySuccess()