Fixes #1909

devishke-orange · 2025-10-21T14:54:07Z

Fixes for

OHRM5X-2610
OHRM5X-2611
ORHM5X-2612
OHRM5X-2613 (Partially complete)

- validate emails in ResetPasswordService.php - sanitize user names in ResetPasswordService.php - add new page for email failures - route to new page in RequestResetPasswordController.php

- get resetCode as a hidden input - use existing validation of reset code to check for modified usernames

- add isEntityAccessible check into attachment controller

- add user active check to auth subscriber and logout if not

installer/Util/AppSetupUtility.php

src/plugins/orangehrmAuthenticationPlugin/Subscriber/AuthenticationSubscriber.php

- add checks for terminated employee

…event conflict with new logout logic

- store auth user last modified as session variable - log out user if session last modified differs from db last modified - update UpdatePasswordAPI to set last modified - route on update password screen to trigger session expiry - add "Session Expiry" lang string

- add work email validation to FE and API

- validate email in email service

devishke-orange added 4 commits October 21, 2025 16:54

OHRM5X-2610 fix

461a79e

- validate emails in ResetPasswordService.php - sanitize user names in ResetPasswordService.php - add new page for email failures - route to new page in RequestResetPasswordController.php

OHRM5X-2611 fix

1e2d4f1

- get resetCode as a hidden input - use existing validation of reset code to check for modified usernames

OHRM5X-2612 fix

b48878a

- add isEntityAccessible check into attachment controller

OHRM5X-2613 fix

b92f066

- add user active check to auth subscriber and logout if not

devishke-orange requested a review from RajithaKumara October 21, 2025 14:54

devishke-orange marked this pull request as draft October 21, 2025 14:57

RajithaKumara requested changes Oct 21, 2025

View reviewed changes

installer/Util/AppSetupUtility.php Show resolved Hide resolved

src/plugins/orangehrmAuthenticationPlugin/Subscriber/AuthenticationSubscriber.php Show resolved Hide resolved

devishke-orange added 7 commits October 22, 2025 12:02

OHRM5X-2613 fix

83fa567

- add checks for terminated employee

move 5.7.1 migrations to 5.8

5f152e8

Update ControllerTrait.php forward to use Symfony Response type to pr…

8086923

…event conflict with new logout logic

OHRM5X-2613 fix

e461541

- store auth user last modified as session variable - log out user if session last modified differs from db last modified - update UpdatePasswordAPI to set last modified - route on update password screen to trigger session expiry - add "Session Expiry" lang string

OHRM5X-2610 fix

3c2dc93

- add work email validation to FE and API

OHRM5X-2610 fix

1d60b62

- validate email in email service

update failing tests

cf8f098

devishke-orange marked this pull request as ready for review October 23, 2025 00:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fixes #1909

Fixes #1909

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Fixes #1909

Are you sure you want to change the base?

Fixes #1909

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants