Hi there!
I’ve been using the userskit from starckio for the past months with no issues on multiple websites, in order to manage simple membership.
After updating the Kirby version of those websites, something is not working anymore: users who forgot their password and who click the reset link sent by email get an error saying "You are not allowed to change the password for the user “Member name”.
public static function changePassword(User $user, string $password): bool {
if ($user->permissions()->changePassword() !== true) {
throw new PermissionException([
'key' => 'user.changePassword.permission',
'data' => ['name' => $user->username()]
]);
}
return static::validPassword($user, $password);
}
The link sent by email looks like mysite.com/token/9eced87154adfeaf76652838687d206d.
Here is the route I am using:
[
'pattern' => 'token/([a-f0-9]{32})',
'action' => function($token) {
$kirby = kirby();
$kirby->impersonate('kirby');
if ($user = $kirby->user()) {
$user->logout();
}
if ($user = $kirby->users()->findBy('token', $token)) {
$user->update([
'token' => '',
'password' => $user->changePassword($token),
]);
if ($user->login($token)) {
go('/professionnels/mot-de-passe');
} else {
go('error');
}
} else {
go('error');
}
}
],
And here is my member.yml blueprint:
title: Member
permissions:
access:
panel: false
users: false
site: false
user:
changePassword: true
Do you know what I should do to make it work again? Something related to the Kirby impersonate? With the blueprint?
Thank you for your help