diff --git a/app/controllers/concerns/password_confirmation.rb b/app/controllers/concerns/password_confirmation.rb
index 27ae793ffd..6234d9cdbe 100644
--- a/app/controllers/concerns/password_confirmation.rb
+++ b/app/controllers/concerns/password_confirmation.rb
@@ -45,6 +45,7 @@ module Concerns::PasswordConfirmation
 # Returns whether password confirmation has been enabled globally
 # AND the current user is internally authenticated.
 def password_confirmation_required?
- Setting.internal_password_confirmation? && !User.current.uses_external_authentication?
+ OpenProject::Configuration.internal_password_confirmation? &&
+ !User.current.uses_external_authentication?
 end
 end
diff --git a/app/views/settings/_authentication.html.erb b/app/views/settings/_authentication.html.erb
index 7e37682318..fb5cdc5191 100644
--- a/app/views/settings/_authentication.html.erb
+++ b/app/views/settings/_authentication.html.erb
@@ -57,12 +57,6 @@ See doc/COPYRIGHT.rdoc for more details.
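Review bot: In `password_confirmation_required?` the gate now rests on `OpenProject::Configuration.internal_password_confirmation?`, and nothing visible in this commit shows how that predicate coerces a value that reaches it from a YAML file or an environment variable. If the accessor returns the raw value, a string such as `"false"` is truthy in Ruby and confirmation stays on, whereas a missing key would yield `nil` and switch the check off silently; it is worth confirming that the accessor casts to a strict boolean and treats an absent key as enabled. The comment above the method should also say where the flag now lives, e.g. `# Returns whether password confirmation is enabled in the instance configuration (no longer an admin setting)`. The enclosing module starts above the hunk.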
<%= setting_text_field :password_count_former_banned, size: 6 %>
<%= setting_check_box :lost_password, label: :label_password_lost %>
-
- <%= setting_check_box :internal_password_confirmation %>
-
- <%= simple_format t('settings.instructions.internal_password_confirmation') %>
-
-
<% else %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index b1dca9bd61..f59c91a5fa 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1716,7 +1716,6 @@ en:
 setting_gravatar_default: "Default Gravatar image"
 setting_gravatar_enabled: "Use Gravatar user icons"
 setting_host_name: "Host name"
- setting_internal_password_confirmation: "Password confirmation for account changes"
 setting_work_package_done_ratio: "Calculate the work package done ratio with"
 setting_work_package_done_ratio_field: "Use the work package field"
 setting_work_package_done_ratio_status: "Use the work package status"
@@ -1782,10 +1781,6 @@ en:
 passwords: "Passwords"
 session: "Session"
 brute_force_prevention: "Automated user blocking"
- instructions:
- internal_password_confirmation: |
- Require internally authenticated users to confirm their password upon changing their own account details (e.g., their email address).
- Note: Even when checking this option, externally authenticated users do not have a password and will not be prompted on account changes.
 show_hide_project_menu: "Expand/Collapse project menu"
diff --git a/config/settings.yml b/config/settings.yml
index 607c762462..20e62b99fc 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -332,6 +332,3 @@ repository_checkout_data:
 api_max_page_size:
 format: int
 default: 500
-internal_password_confirmation:
- format: boolean
- default: 1
diff --git a/lib/open_project/configuration.rb b/lib/open_project/configuration.rb
index 7927ad4ad9..4b88f450cd 100644
--- a/lib/open_project/configuration.rb
+++ b/lib/open_project/configuration.rb
@@ -77,6 +77,7 @@ module OpenProject
 'disable_password_login' => false,
 'omniauth_direct_login_provider' => nil,
+ 'internal_password_confirmation' => true,
 'disable_password_choice' => false,
diff --git a/spec/features/users/my_spec.rb b/spec/features/users/my_spec.rb
index 2c57f91e33..f5b13ce6c0 100644
--- a/spec/features/users/my_spec.rb
+++ b/spec/features/users/my_spec.rb
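Review bot: The new default `'internal_password_confirmation' => true` in lib/open_project/configuration.rb carries no comment, and this commit deletes the only description of the option, the `settings.instructions.internal_password_confirmation` text in en.yml. A short comment above the entry would keep the intent discoverable, e.g. `# Require internally authenticated users to confirm their password when changing their own account details`. Because the stored `internal_password_confirmation` setting is no longer read, an instance whose administrator had disabled it in the UI will presumably have confirmation enabled again after upgrading unless the configuration is set; that is the safe direction, but it belongs in the upgrade notes. The defaults hash starts and ends outside the hunk.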
@@ -36,8 +36,7 @@ describe 'my', type: :feature, js: true do
 mail: 'old@mail.com',
 login: 'bob',
 password: user_password,
- password_confirmation: user_password
- )
+ password_confirmation: user_password)
 end
 ##
@@ -68,14 +67,14 @@ describe 'my', type: :feature, js: true do
 end
 context 'when confirmation disabled',
- with_settings: { internal_password_confirmation?: false } do
+ with_config: { internal_password_confirmation: false } do
 it 'does not request confirmation' do
 expect_changed!
 end
 end
 context 'when confirmation required',
- with_settings: { internal_password_confirmation?: true } do
+ with_config: { internal_password_confirmation: true } do
 it 'requires the password for a regular user' do
 dialog.confirm_flow_with(user_password)
 expect_changed!
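Review bot: The 'when confirmation required' context sets `with_config: { internal_password_confirmation: true }`, which equals the new default, so it would still pass if the `with_config` metadata were not applied; only the 'when confirmation disabled' context shows that the override reaches `password_confirmation_required?`. Consider adding a context with no override, e.g. `context 'with the default configuration' do`, that asserts `dialog.confirm_flow_with(user_password)` is needed, so the secure default is pinned by a test. The `with_config` helper is not part of this diff, so how it maps the key onto the `?` predicate is assumed here. The last example continues past the end of the hunk.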