Important: #91496 - Changes to password reset functionality

See forge#91496

Description

For various reasons, administrators may disable the password reset functionality, introduced in forge#89513, by setting $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset']= false. If disabled, TYPO3 Backend users are not able to initiate the password reset process anymore.

This however previously also disabled the password reset cli command as well as the reset password action in the backend user module. Since it is a valid use case for administrators to disallow a password reset initiated by users on the login screen, they might still need the possibility to do so, on their own.

Therefore, some things changed in the password reset implementation:

  • $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordReset'] now only affects the password reset functionality on the login screen

  • $GLOBALS['TYPO3_CONF_VARS']['BE']['passwordResetForAdmins'] is unchanged and affects all places

  • Initiating the password reset on CLI is now always enabled, while still taking the passwordResetForAdmins option into account

  • Initiating the password reset in the backend can now be disabled separately with a new user TSconfig option options.passwordReset

For compatibility reasons, the new user TSconfig option defaults to true. To completely disable the password reset in the backend for all users, you can set the user TSconfig globally in your ext_localconf.php:

// use \TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
ExtensionManagementUtility::addUserTSConfig(
   'options.passwordReset = 0'
);

If required, this can of course still be overwritten on a per user basis in the corresponding TSconfig field.