From d0658e85eacc2f0ccea2bc68362b59f6145c03e9 Mon Sep 17 00:00:00 2001 From: zorn-v Date: Mon, 27 Jan 2025 22:48:58 +1000 Subject: Check that user actually can validate password for js Signed-off-by: zorn-v --- lib/private/Template/JSConfigHelper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/private/Template/JSConfigHelper.php') diff --git a/lib/private/Template/JSConfigHelper.php b/lib/private/Template/JSConfigHelper.php index 93f5d7a5866..de9df04ae4b 100644 --- a/lib/private/Template/JSConfigHelper.php +++ b/lib/private/Template/JSConfigHelper.php @@ -67,7 +67,7 @@ class JSConfigHelper { $backend = $this->currentUser->getBackend(); if ($backend instanceof IPasswordConfirmationBackend) { - $userBackendAllowsPasswordConfirmation = $backend->canConfirmPassword($uid); + $userBackendAllowsPasswordConfirmation = $backend->canConfirmPassword($uid) && $this->canUserValidatePassword(); } elseif (isset($this->excludedUserBackEnds[$this->currentUser->getBackendClassName()])) { $userBackendAllowsPasswordConfirmation = false; } -- cgit v1.2.3