Revert "allow password resets when using allowaccountreset and reset …

…together #6261" This reverts commit 8e5aa35.
Ylianst · Sep 30, 2024 · 41d1f9d · 41d1f9d
1 parent 113adb5
commit 41d1f9d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/webserver.js b/webserver.js
@@ -1635,7 +1635,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
         const sec = parent.decryptSessionData(req.session.e);
 
         // Check everything is ok
-        const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (typeof domain.passwordrequirements.reset === 'number' && domain.passwordrequirements.allowaccountreset !== false));
+        const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.allowaccountreset !== false));
         if ((allowAccountReset === false) || (domain == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.body.rpassword1 != 'string') || (typeof req.body.rpassword2 != 'string') || (req.body.rpassword1 != req.body.rpassword2) || (typeof req.body.rpasswordhint != 'string') || (req.session == null) || (typeof sec.rtuser != 'string') || (typeof sec.rtpass != 'string')) {
             parent.debug('web', 'handleResetPasswordRequest: checks failed');
             delete req.session.e;