Disable 'Edit My Account' and 'Change Password' for SSO

Hello everyone, first time Vanilla user here. I am digging in and loving the functionality.

I'm building a SSO Wordpress site using jsConnect, and was hoping to clean up some user-interface inconsistencies. I've installed the 'Private Community' add-on and checked the SSO only option for forum registration, and I have hidden the login fields with css so only the 'Sign in with...' SSO button appears. (please send me a message if anyone needs help with these steps, I'm glad to share my solutions.)

These steps have brought me pretty far, but once users are logged in they have access to their account and a 'change password' option. This option is not functional because Vanilla does not recognize their pw from the SSO session to begin with, nor would it update their Wordpress password. I would rather just remove these options if possible.

I have tried un-checking the 'Edit' and 'View' profiles option in roles & permissions but that does not remove this functionality. I could hide the main navigation link to edit my profile, but anywhere my username appears it is also a link to my account editing screen.

Anyone have a solution to this? Thanks!

Comments

  • vrijvlinder Papillon-Sauvage MVP
    edited February 2013

    welcome,

    please send me a message if anyone needs help with these steps

    Just post the steps if you would so everyone can benefit from your experience :)

    can't you just hide the buttons for those links on the user profile with css like the form? If a user does not have access to edit their profile then their profile is rather useless. Is that what you want? Maybe there is a way to disable the user profile altogether.

  • 422 Developer MVP

    Ok not for the faint hearted and you would need to recall the edits you did ( for when you upgrade ok )

    forums/applications/dashboard/controllers/

    open class.profilecontroller.php

    Line 910 to 919 ( comment out code on each line with // )

    ;)

  • 422 Developer MVP

    Screenshot included :)

  • edited February 2013

    vrijvlinder, I'm not sure why I had not thought about the css approach for those links. I've gone ahead and used custom.css to hide the 'Change Password' and 'Edit my account' links.
    Thanks also to 422, your solution worked like a charm! But upon 2nd thought the css was the sustainable way to go.

    For those interested, here is the custom css code to clean up the login page for SSO installations. Note that this is for SSO only sites; users registered via the Vanilla forums will not be able to log in as this code hides the 'Username/email' and 'Password' links. This code goes into the custom.css file inside themes>your current theme>design

    `/* Sign In Page (this hides the 'username/email' and 'password' fields, and emphasises the SSO link) */
    .MultipleEntryMethods .MainForm {
    display:none;
    }
    .MultipleEntryMethods .Methods {
    right:auto;
    left:0;
    border-left:0;
    width:300px;
    }
    .MultipleEntryMethods .Methods div b {
    display:none;
    }
    .MultipleEntryMethods .RegisterLink {
    display:none;
    }
    a.Button.SignInLink {
    font-size:1.8em;
    padding:0.4em 1em;
    }
    .MultipleEntryMethods .JsConnect-Connect {
    font-size:1.4em;
    }
    .JsConnect-Connect .ConnectLabel {
    font-weight: bold;
    line-height:150%;
    }

    /* profile pages (removes profile link for editing account and changing password) */

    .Dashboard li.EditAccountLink, .Dashboard li.PasswordLink {
    display:none;
    }`

  • Hmm I must be a vanilla newb, how do I properly post code in the forums?

  • 422 Developer MVP

    we have all asked this so many times lol.

    If you are committed to SSO, then either solution is fine. Personally, the css route leaves exploits open to code snoopers who can change display:none to display:block etc

  • vrijvlinder Papillon-Sauvage MVP

    @kylenumann

    how do I properly post code in the forums?

    you can use < pre > code goes here < / pre >

    or

    < code > code goes here < / code >

  • edited February 2013

    422, yes the css option is a less elemental change, but this forum is for non-technical users (on a limited budget), and if they happen to be snooping in the css they can find what they like... the profile edit screen is harmless, as it doesn't work for SSO members. I just wanted to give the most fluid experience for regular users.

    I'll try again to paste the code formatted correctly:

    /* Sign In Page (this hides the 'username/email' and 'password' fields, and emphasises the SSO link) */
    .MultipleEntryMethods .MainForm {
         display:none; 
    }
    .MultipleEntryMethods .Methods {
        right:auto;
        left:0;
        border-left:0;
        width:300px;
    }
    .MultipleEntryMethods .Methods div b {
        display:none;
    }
    .MultipleEntryMethods .RegisterLink {
        display:none;
    }
    a.Button.SignInLink {
        font-size:1.8em;
        padding:0.4em 1em;
    }
    .MultipleEntryMethods .JsConnect-Connect {
        font-size:1.4em;
    }
    .JsConnect-Connect .ConnectLabel {
        color: #000000;
        font-weight: bold;
        line-height:150%;
    }
    
    /* profile pages (removes profile link for editing account and changing password) */
    
    .Dashboard li.EditAccountLink, .Dashboard li.PasswordLink {
        display:none;
    } 

  • vrijvlinder Papillon-Sauvage MVP

    There should be a "Hide this plugin" which simply adds display:none!important to the part you want to hide. Or that hides the modules on demand.

  • 422 Developer MVP

    @kylenumann ( on a limited budget )
    Both answers you received were Free :)

  • 422- Yup, good call.

  • You can also add this to config.php to disable the "Edit My Account" and "Change Password" links:

    $Configuration['Garden']['UserAccount']['AllowEdit'] = FALSE;
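
An added example, not part of the thread: a small audit that reports whether the account links are hidden only by the theme stylesheet or also switched off by the `Garden.UserAccount.AllowEdit` setting in config.php. The file contents are constructed samples built from the selectors and config key posted above, and the function names are hypothetical.

```python
import re

# Link classes hidden by the custom.css posted in the thread.
ACCOUNT_LINKS = ("EditAccountLink", "PasswordLink")
ALLOW_EDIT = re.compile(
    r"^\s*\$Configuration\['Garden'\]\['UserAccount'\]\['AllowEdit'\]\s*=\s*(\w+)\s*;",
    re.M)

def css_hidden_links(css_text):
    """Account-link classes that the stylesheet hides with display:none."""
    css_text = re.sub(r"/\*.*?\*/", "", css_text, flags=re.S)  # strip comments
    hidden = set()
    for selectors, body in re.findall(r"([^{}]+)\{([^{}]*)\}", css_text):
        if re.search(r"display\s*:\s*none", body, re.I):
            hidden.update(n for n in ACCOUNT_LINKS if "." + n in selectors)
    return hidden

def allow_edit_disabled(config_text):
    """True if the last uncommented AllowEdit assignment in config.php is FALSE."""
    values = ALLOW_EDIT.findall(config_text)
    return bool(values) and values[-1].lower() in ("false", "0")

def audit(css_text, config_text):
    """Classify how the 'Edit My Account' / 'Change Password' links are removed."""
    if allow_edit_disabled(config_text):
        return "config-disabled"
    return "css-only" if css_hidden_links(css_text) else "enabled"

# Constructed sample inputs, using the rule and the setting quoted in the thread.
SAMPLE_CSS = """
/* profile pages */
.Dashboard li.EditAccountLink, .Dashboard li.PasswordLink {
    display:none;
}
"""
SAMPLE_CONFIG = "<?php\n$Configuration['Garden']['UserAccount']['AllowEdit'] = FALSE;\n"

if __name__ == "__main__":
    print(audit(SAMPLE_CSS, "<?php\n"))       # stylesheet is the only control
    print(audit(SAMPLE_CSS, SAMPLE_CONFIG))   # setting present in config.php
```

A `css-only` result means the links are merely invisible in the browser; the stylesheet does nothing to the pages they point to.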
