Allow password changes when you don't have one yet
This commit is contained in:
parent
9b441333a7
commit
2ba2fa4d7d
|
@ -81,18 +81,20 @@
|
|||
</div>
|
||||
|
||||
<div class="tab" data-name="Password" data-slug="password">
|
||||
<div class="edit-form-row">
|
||||
<div class="pt-input-ns">Old password:</div>
|
||||
<div>
|
||||
<input id="id_old_password" name="old_password" type="password" />
|
||||
{{ if .HasPassword }}
|
||||
<div class="edit-form-row">
|
||||
<div class="pt-input-ns">Old password:</div>
|
||||
<div>
|
||||
<input id="id_old_password" name="old_password" type="password" />
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{{ end }}
|
||||
<div class="edit-form-row">
|
||||
<div class="pt-input-ns">New password:</div>
|
||||
<div>
|
||||
<input name="new_password" type="password" />
|
||||
<div class="c--dim f7 mw6">
|
||||
Your password must be 8 or more characters, and must differ from your username and current password.
|
||||
Your password must be 8 or more characters, and must differ from your username{{ if .HasPassword }} and current password{{ end }}.
|
||||
Other than that, <a href="http://krebsonsecurity.com/password-dos-and-donts/" class="external" target="_blank">please follow best practices</a>.
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -213,10 +213,11 @@ func UserSettings(c *RequestContext) ResponseData {
|
|||
AvatarMaxFileSize int
|
||||
DefaultAvatarUrl string
|
||||
|
||||
User templates.User
|
||||
Email string // these fields are handled specially on templates.User
|
||||
ShowEmail bool
|
||||
LinksText string
|
||||
User templates.User
|
||||
Email string // these fields are handled specially on templates.User
|
||||
ShowEmail bool
|
||||
LinksText string
|
||||
HasPassword bool
|
||||
|
||||
SubmitUrl string
|
||||
ContactUrl string
|
||||
|
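Review bot: The new `HasPassword bool` field carries no comment, although the neighbouring fields explain their special handling and this one drives which inputs the Password tab renders. A one-line field comment would make the contract visible at the struct: `HasPassword bool // false when the stored password is empty; the template then omits the old-password input`. The struct definition starts and ends outside the hunk.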
@ -292,6 +293,7 @@ func UserSettings(c *RequestContext) ResponseData {
|
|||
Email: c.CurrentUser.Email,
|
||||
ShowEmail: c.CurrentUser.ShowEmail,
|
||||
LinksText: linksText,
|
||||
HasPassword: c.CurrentUser.Password != "",
|
||||
|
||||
SubmitUrl: hmnurl.BuildUserSettings(""),
|
||||
ContactUrl: hmnurl.BuildContactPage(),
|
||||
|
@ -424,7 +426,13 @@ func UserSettingsSave(c *RequestContext) ResponseData {
|
|||
// Update password
|
||||
oldPassword := form.Get("old_password")
|
||||
newPassword := form.Get("new_password")
|
||||
if oldPassword != "" && newPassword != "" {
|
||||
var doChangePassword bool
|
||||
if c.CurrentUser.Password == "" {
|
||||
doChangePassword = newPassword != ""
|
||||
} else {
|
||||
doChangePassword = oldPassword != "" && newPassword != ""
|
||||
}
|
||||
if doChangePassword {
|
||||
errorRes := updatePassword(c, tx, oldPassword, newPassword)
|
||||
if errorRes != nil {
|
||||
return *errorRes
|
||||
|
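Review bot: The rule for when the old password must be supplied is now encoded twice, here through `c.CurrentUser.Password == ""` and again inside updatePassword in the hunk below, so the two can drift and a later edit to one of them would silently change whether the old-password check runs. Collapsing the branch into one expression with a comment stating the rule keeps the intent readable: `// An account with no stored password cannot prove the old one, so only require it when one exists.` followed by `doChangePassword := newPassword != "" && (c.CurrentUser.Password == "" || oldPassword != "")`. Note also that a user who has a password and submits a new one without the old one gets no feedback, since doChangePassword is simply false and the save continues. The enclosing function UserSettingsSave continues outside the hunk.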
@ -558,25 +566,27 @@ func UserProfileAdminNuke(c *RequestContext) ResponseData {
|
|||
}
|
||||
|
||||
func updatePassword(c *RequestContext, tx pgx.Tx, old, new string) *ResponseData {
|
||||
oldHashedPassword, err := auth.ParsePasswordString(c.CurrentUser.Password)
|
||||
if err != nil {
|
||||
c.Logger.Warn().Err(err).Msg("failed to parse user's password string")
|
||||
return nil
|
||||
}
|
||||
if c.CurrentUser.Password != "" {
|
||||
oldHashedPassword, err := auth.ParsePasswordString(c.CurrentUser.Password)
|
||||
if err != nil {
|
||||
c.Logger.Warn().Err(err).Msg("failed to parse user's password string")
|
||||
return nil
|
||||
}
|
||||
|
||||
ok, err := auth.CheckPassword(old, oldHashedPassword)
|
||||
if err != nil {
|
||||
res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to check user's password"))
|
||||
return &res
|
||||
}
|
||||
ok, err := auth.CheckPassword(old, oldHashedPassword)
|
||||
if err != nil {
|
||||
res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to check user's password"))
|
||||
return &res
|
||||
}
|
||||
|
||||
if !ok {
|
||||
res := c.RejectRequest("The old password you provided was not correct.")
|
||||
return &res
|
||||
if !ok {
|
||||
res := c.RejectRequest("The old password you provided was not correct.")
|
||||
return &res
|
||||
}
|
||||
}
|
||||
|
||||
newHashedPassword := auth.HashPassword(new)
|
||||
err = auth.UpdatePassword(c, tx, c.CurrentUser.Username, newHashedPassword)
|
||||
err := auth.UpdatePassword(c, tx, c.CurrentUser.Username, newHashedPassword)
|
||||
if err != nil {
|
||||
res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to update password"))
|
||||
return &res
|
||||
|
|
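Review bot: A failure in auth.ParsePasswordString still returns nil, which the caller in UserSettingsSave treats as "no error", so the rest of the settings save completes while the password is silently left unchanged and the user is never told. Since a nil return now means the update succeeded, the parse failure should become an error response like the CheckPassword and UpdatePassword branches: `res := c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to parse user's password string"))` and `return &res`. A doc comment stating the new contract would also help, e.g. `// updatePassword changes the current user's password; if the user already has one, old must match it. A nil return means the update succeeded.` The function body continues past the end of the hunk.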