Unverified Commit 725ba11e authored by gloriarodriguez's avatar gloriarodriguez Committed by GitHub

Fix/1352 check current password (#1355)

fix(frontend): now the form check if the current password is ok

If a local user wants to change the password, the form doesn't check whether
the password entered as current matches the user's current password.

fixes issue #1352 
parent 74ac4c5a
...@@ -1333,26 +1333,34 @@ sub user_settings { ...@@ -1333,26 +1333,34 @@ sub user_settings {
$c->param('tongue' => $USER->language); $c->param('tongue' => $USER->language);
my @errors; my @errors;
if ($c->param('button_click')) { if ($c->param('button_click')) {
if (($c->param('password') eq "") || ($c->param('conf_password') eq "") || ($c->param('current_password') eq "")) { my $auth_ok;
push @errors,("Some of the password's fields are empty"); eval { $auth_ok = Ravada::Auth::login($USER->name, $c->param('current_password'))};
} if (!$auth_ok || $@) {
else { push @errors, ("Current password is wrong");
if ($c->param('password') eq $c->param('conf_password')) { }
eval { else {
$USER->change_password($c->param('password'));
_logged_in($c); if (($c->param('password') eq "") || ($c->param('conf_password') eq "") || ($c->param('current_password') eq "")) {
}; push @errors,("Some of the password's fields are empty");
if ($@ =~ /Password too small/) { }
push @errors,("Password too small") else {
} if ($c->param('password') eq $c->param('conf_password')) {
else { eval {
$changed_pass = 1; $USER->change_password($c->param('password'));
} _logged_in($c);
} };
else { if ($@ =~ /Password too small/) {
push @errors,("Password fields aren't equal") push @errors,("Password too small")
} }
} else {
$changed_pass = 1;
}
}
else {
push @errors,("Password fields aren't equal")
}
}
}
} }
$c->render(template => 'bootstrap/user_settings', changed_lang=> $changed_lang, changed_pass => $changed_pass $c->render(template => 'bootstrap/user_settings', changed_lang=> $changed_lang, changed_pass => $changed_pass
,errors =>\@errors); ,errors =>\@errors);
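Review bot: The new `Ravada::Auth::login` call runs before the empty-field test, so an empty or missing `current_password` is passed straight to the authentication backend; whether that is rejected depends on backend code this hunk does not show, and some directory backends treat an empty-password bind as anonymous. Reject empty fields first and only then authenticate, for example by guarding the call with `if (!length($c->param('current_password') // '')) { push @errors, ("Some of the password's fields are empty") }`. The `eval` around the login also reports every exception as "Current password is wrong", so a backend failure looks the same as a bad password, and nothing visible here logs or throttles repeated failures from one session. Separately, the inner `eval` still sets `$changed_pass = 1` when `change_password` dies with anything other than "Password too small"; an `elsif ($@) { push @errors, ("Password change failed") }` branch would stop a failed change being shown as success. `user_settings` begins and ends outside this hunk.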