Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to stop customers changing password

SOLVED
Go to solution
‎10-18-2019 08:34 AM
‎10-18-2019 08:34 AM

How to stop customers changing password

I curently have a b2b site where I set the same password for each store. I'd like to disable "Change Password" on the account page so no one can change the password. Please see attached ss

https://ibb.co/M7ZSHyH

 

Magento 2.3.2 CE

Cheers.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
‎10-18-2019 08:44 PM
‎10-18-2019 08:44 PM

Re: How to stop customers changing password

several things need to be taken care of for this purpose and requires a custom module created

 

1, remove reset password link from customer account dashboard page

 to remove the link we need to create a customer_account_index.xml file in your custom module to rewrite template file Magento_Customer::account/dashboard/info.phtml

<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" layout="2columns-left" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
    <body>
        <referenceContainer name="customer_account_dashboard_info">
             <action method="setTemplate">
                 <argument name="template" xsi:type="string">[Name_Space]_[Your_Module]::account/dashboard/info.phtml</argument>
             </action>
        </referenceContainer>
    </body>
</page>

 then you can copy the magento template vendor/magento/module-customer/view/frontend/templates/account/dashboard/info.phtml to your own module and remove the reset password link in it. 

A dirty hack if you don't want to rewrite template is to add a custom css rule to hide the link

 

.action.change-password {display:none;}

 

 

 2, remove password reset checkbox from customer account editing page

similarly like in step1, we need to rewrite template vendor/magento/module-customer/view/frontend/templates/form/edit.phtml from customer_account_edit.xml layout to remove the reset password checkbox 

 

3, remove the forgot password link from login page

again, rewrite template vendor/magento/module-customer/view/frontend/templates/form/login.phtml from customer_account_login.xml layout to remove the forgot password link

 

4, if you are worried about people bypassing frontend and sending password request directly to server, create a aroundChangePassword plugin for Magento\Customer\Api\AccountManagementInterface to not reset password and return a friendly message back to customer.

 

View solution in original post

0 Kudos
6 REPLIES 6
‎10-18-2019 11:44 AM
‎10-18-2019 11:44 AM

Re: How to stop customers changing password

Hi @batman13 

 

What is the use case for this requirement?

Do you provide a specific password to every user? If it is not a auto generated password which is sent to customer by email then it is not a good practice.

 

---
Problem Solved Click Accept as Solution!:Magento Community India Forum
0 Kudos
‎10-18-2019 01:05 PM
‎10-18-2019 01:05 PM

Re: How to stop customers changing password

I set the same password for every store. I understand that it's not good practice.

0 Kudos
‎10-18-2019 01:30 PM
‎10-18-2019 01:30 PM

Re: How to stop customers changing password

@batman13There is no out of the shelf solution.  I doubt there will be a extension which could be stopping customer to change their password.

 

Easy option could be just remove that change password link form the templates.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
0 Kudos
‎10-18-2019 03:03 PM
‎10-18-2019 03:03 PM

Re: How to stop customers changing password

Easy option could be just remove that change password link form the templates.

Where would this be exactly?

 

Thank you.

0 Kudos
‎10-18-2019 08:44 PM
‎10-18-2019 08:44 PM

Re: How to stop customers changing password

several things need to be taken care of for this purpose and requires a custom module created

 

1, remove reset password link from customer account dashboard page

 to remove the link we need to create a customer_account_index.xml file in your custom module to rewrite template file Magento_Customer::account/dashboard/info.phtml

<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" layout="2columns-left" xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
    <body>
        <referenceContainer name="customer_account_dashboard_info">
             <action method="setTemplate">
                 <argument name="template" xsi:type="string">[Name_Space]_[Your_Module]::account/dashboard/info.phtml</argument>
             </action>
        </referenceContainer>
    </body>
</page>

 then you can copy the magento template vendor/magento/module-customer/view/frontend/templates/account/dashboard/info.phtml to your own module and remove the reset password link in it. 

A dirty hack if you don't want to rewrite template is to add a custom css rule to hide the link

 

.action.change-password {display:none;}

 

 

 2, remove password reset checkbox from customer account editing page

similarly like in step1, we need to rewrite template vendor/magento/module-customer/view/frontend/templates/form/edit.phtml from customer_account_edit.xml layout to remove the reset password checkbox 

 

3, remove the forgot password link from login page

again, rewrite template vendor/magento/module-customer/view/frontend/templates/form/login.phtml from customer_account_login.xml layout to remove the forgot password link

 

4, if you are worried about people bypassing frontend and sending password request directly to server, create a aroundChangePassword plugin for Magento\Customer\Api\AccountManagementInterface to not reset password and return a friendly message back to customer.

 

0 Kudos
‎04-25-2020 02:14 PM
‎04-25-2020 02:14 PM

Re: How to stop customers changing password

Is there a dirty hack to remove the forgot password link from login page

0 Kudos