Important: #91496 - Changes to password reset functionality
See forge#91496
Description
For various reasons, administrators may disable the password reset functionality,
introduced in forge#89513, by setting
$GLOBALS
.
If disabled, TYPO3 Backend users are not able to initiate the
password reset process anymore.
This however previously also disabled the password reset cli command as well as the reset password action in the backend user module. Since it is a valid use case for administrators to disallow a password reset initiated by users on the login screen, they might still need the possibility to do so, on their own.
Therefore, some things changed in the password reset implementation:
$GLOBALS
now only affects the password reset functionality on the login screen['TYPO3_ CONF_ VARS'] ['BE'] ['password Reset'] $GLOBALS
is unchanged and affects all places['TYPO3_ CONF_ VARS'] ['BE'] ['password Reset For Admins'] - Initiating the password reset on CLI is now always enabled, while still
taking the
password
option into accountReset For Admins - Initiating the password reset in the backend can now be disabled separately
with a new user TSconfig option
options.
password Reset
For compatibility reasons, the new user TSconfig option defaults to true
.
To completely disable the password reset in the backend for all users, you can
set the user TSconfig globally in your ext_
:
// use \TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
ExtensionManagementUtility::addUserTSConfig(
'options.passwordReset = 0'
);
If required, this can of course still be overwritten on a per user basis in the corresponding TSconfig field.