
FOS Disable Single Password Request Functionality

I am using the FOS user bundle in Symfony and I really don't like the fact that a user can only request their password 1 time in 24 hours. Is there any way to disable this feature to give the user the ability to request their password multiple times? I mean, what happens if their reset email never reaches their inbox and they cannot reset the pw again? What's the best way to handle this?

Thanks.

LargeTuna asked Aug 17 '15 13:08


3 Answers

The FOSUserBundle configuration has a parameter token_ttl, which has a default value of 86400. This is a number of seconds, and it is used to determine the time to live for the token and the time the user must wait before retrying the request.

You can try setting it to 0 or false; it should work.

fos_user:
  resetting:
    token_ttl: 0

Srdjan answered Nov 19 '22 09:11


I found an issue with the below changes to the config.yml:

app/config/config.yml

fos_user:
  resetting:
    token_ttl: 0

This will allow the user to request a new password as many times as they wish (no 24-hour limit); however, due to the zero 'time to live' of the token, it will automatically reroute you from

/resetting/reset/{token}

to

resetting/request

So the user will never be actually given the option to change their password.

This was tested on Symfony 2.6.

Brendan answered Nov 19 '22 10:11


Long ago, you could just configure this in config.yml:

fos_user:
  resetting:
    token_ttl: 0

but in recent versions, since the token_ttl is both the retry time and the lifetime of the token, if you set it to 0, as soon as you create it, it expires.

You can follow the issue on GitHub.


If you need it fixed ASAP, as a hacky workaround, you can implement the resetAction() by copy-pasting vendor/friendsofsymfony/user-bundle/Controller/RegistrationController.php in your AppBundle (or whatever bundle, doesn't really matter) and make the router point to your overridden function, like this (routing.yml):

fos_user_resetting_reset:
    path:     /resetting/reset/{token}
    defaults: {_controller: AcmeUserBundle:Resetting:reset }

Now, in your resetAction() method you can comment out these lines:

//        if (null !== $event->getResponse()) {
//            return $event->getResponse();
//        }

There are less hacky ways, of course, like creating your own listener, but... this is how I quickly and dirtily did it, since I was in a hurry and I already had the resetAction overridden.

xDaizu answered Nov 19 '22 09:11
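
The coupling that the second and third answers describe, as an added stand-alone PHP model (not FOSUserBundle code and not from any of the answers): one TTL decides both whether a new e-mail may be requested and whether the token is still accepted. `ResetRequest`, `singleTtlPolicy` and `splitTtlPolicy` are hypothetical names, and the timestamps are constructed.

```php
<?php
// Added illustration: a stand-alone model, not FOSUserBundle source code.
// ResetRequest, singleTtlPolicy and splitTtlPolicy are hypothetical names.

final class ResetRequest
{
    private $requestedAt; // Unix timestamp of the last reset e-mail, or null

    public function __construct(?int $requestedAt)
    {
        $this->requestedAt = $requestedAt;
    }

    // True while the last request is younger than $ttl seconds.
    public function isNonExpired(int $ttl, int $now): bool
    {
        return $this->requestedAt !== null && $this->requestedAt + $ttl > $now;
    }
}

// One value drives both decisions, as the answers describe for token_ttl.
function singleTtlPolicy(ResetRequest $r, int $ttl, int $now): array
{
    return [
        'may_request_again' => !$r->isNonExpired($ttl, $now),
        'token_accepted'    => $r->isNonExpired($ttl, $now),
    ];
}

// Two values: a retry window throttles e-mails, a lifetime bounds the token.
function splitTtlPolicy(ResetRequest $r, int $retryTtl, int $tokenTtl, int $now): array
{
    return [
        'may_request_again' => !$r->isNonExpired($retryTtl, $now),
        'token_accepted'    => $r->isNonExpired($tokenTtl, $now),
    ];
}

$now = 1439816880;                   // constructed clock value
$req = new ResetRequest($now - 600); // constructed: e-mail sent 10 minutes ago

var_dump(singleTtlPolicy($req, 86400, $now));     // the default of one day
var_dump(singleTtlPolicy($req, 0, $now));         // the token_ttl: 0 case
var_dump(splitTtlPolicy($req, 300, 86400, $now)); // separate retry and lifetime
```

With a single value the two results are always opposites, which is why `0` lifts the retry limit and rejects the token at the same moment. Only the split policy lets the user request again while the token still has a bounded lifetime, so the expiry check on the token stays in force.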