Closed (duplicate)
Project:
Drupal core
Version:
7.x-dev
Component:
user.module
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
17 Aug 2009 at 23:56 UTC
Updated:
4 May 2010 at 15:52 UTC
Jump to comment: Most recent file
Comments
Comment #1
shawn dearmond commentedHere's a patch. I made this configurable by adding a checkbox to admin/config/development/maintenance, which defaults to off. (see attached screenshot.)
Comment #3
shawn dearmond commentedbad bot? It succeeded before...
Comment #4
jim0203 commentedResubmitting the patch to see if the bot behaves itself.
Comment #5
chrishaslam commentedThis does indeed make much more sense than messing around with set pass=md5('NEWPASS') ;)
I applied the patch and tested the default (off) which works as expected like currently, going to /user/password when in maintenance still results in maintenance message.
I then enabled 'allow request new password' logged off and could successfully see the password request box as an anonymous user. I then reset my pass as anonymous and got the email with one-time link that worked as expected.
My only comment is this is obviously more useful for users who aren't technical or may not even have direct MySQL access. The downside for these (and new users of Drupal) is that the default is off, so without enabling this option they can still lock themselves out when in maintenance mode and being logged out.
Comment #6
shawn dearmond commentedI argue that it's generally wise to err on the side of security. Also, the behavior of Drupal in the past has always been to lock out the password request screen when in maintenance mode so that should probably be the default behavior. Since the user has to go to that screen in the first place to put the site in maintenance mode, the user will be given the choice at the appropriate time.
Comment #7
MichaelCole commented#4: 551880_password_reset_under_maintenance_second_try.patch queued for re-testing.
Comment #8
shawn dearmond commentedWorks great, as far as I can tell. Here's another re-rolled patch from today's HEAD. I also created some simpletests.
Comment #9
rfayI'm pretty sure #363580: OpenID login fails when in maintenance mode is going to go in, and then that's going to be the way to solve this. See #363580-44: OpenID login fails when in maintenance mode for a summary.
Note that it doesn't currently allow /user/password when in maintenance mode, but if we want that feature then that will be the way to do it, with hook_login_paths().
Comment #10
shawn dearmond commentedThanks for the link to that issue. Now that I see hook_login_paths(), it would be easy to build this in contrib. Maybe there should be something more like the "which pages should be available when in maintenance mode? All pages listed below, all pages EXCEPT those listed below, or use PHP to determine which pages" plus the standard textarea.
Now the hard part: coming up with a good namespace for a contrib module. I always hate this part.
Comment #11
rfayI think that a followup after #363580: OpenID login fails when in maintenance mode goes in (assuming it does), perhaps in this issue might get your concern into core.
However, please mention on that issue how it solves the problem you're looking at. That's exactly the idea: To make this general problem easy to solve in contrib or wherever.