Change password

fbee56e5 · Roberto P. Rubio · 1cd459f3 · fbee56e5 · fbee56e5 · fbee56e5
Commit fbee56e5 authored Mar 08, 2021 by Roberto P. Rubio
--- a/lib/Ravada/Auth/SQL.pm
+++ b/lib/Ravada/Auth/SQL.pm
@@ -498,6 +498,24 @@ sub id {
    return $id;
 }

+=head2 password_will_be_changed
+
+Returns true if user password will be changed
+
+    $user->password_will_be_changed();
+
+=cut
+
+sub password_will_be_changed {
+    my $self = shift;
+
+    _init_connector();
+
+    my $sth = $$CON->dbh->prepare("SELECT change_password FROM users WHERE name=?");
+    $sth->execute($self->name);
+    return $sth->fetchrow();
+}
+
 =head2 change_password

 Changes the password of an User

--- a/public/js/ravada.js
+++ b/public/js/ravada.js
@@ -22,6 +22,7 @@
            .service("listMess", gtListMess)
            .controller("SupportForm", suppFormCtrl)
 	        .controller("AddUserForm",addUserFormCrtl)
+	        .controller("ChangePasswordForm",changePasswordFormCrtl)
 //            .controller("machines", machinesCrtl)
 //            .controller("messages", messagesCrtl)
            .controller("users", usersCrtl)
@@ -74,6 +75,11 @@
    function addUserFormCrtl($scope, $http, request){


+    };
+
+    function changePasswordFormCrtl($scope, $http, request){
+
+
    };

    function swNewMach() {

--- a/script/rvd_front
+++ b/script/rvd_front
@@ -151,6 +151,7 @@ hook before_routes => sub {
            ,url => undef
            ,_logged_in => undef
            ,_anonymous => undef
+            ,forcing_change_password => undef
            ,_user => undef
            ,footer=> $CONFIG_FRONT->{footer}
            ,monitoring => 0
@@ -180,6 +181,10 @@ hook before_routes => sub {

    return if $url =~ m{^/anonymous};

+    if ((defined $USER) && (_logged_in($c)) && ($USER->password_will_be_changed())) {
+        return change_password($c, 1);        
+    }
+
    if (($url =~ m{^/machine/(clone|display|info|view)/}
        || $url =~ m{^/(list_bases_anonymous|request/)}i
        || $url =~ m{^/ws/subscribe}
@@ -1094,6 +1099,11 @@ any '/admin/user/(:id).(:type)' => sub {
    return $c->render(template => 'main/manage_user');
 };

+any '/user/change_password' => sub {
+    my $c = shift;
+    return change_password($c);
+};
+
 get '/list_ldap_attributes/(#cn)' => sub {
    my $c = shift;

@@ -2276,6 +2286,36 @@ sub register {
   $c->render(template => 'bootstrap/new_user');
 }

+sub change_password {
+    my $c = shift;
+
+    my ($forcing_change_password) = @_;
+
+    return $c->render(text => "User is anonymous")
+        if (! _logged_in($c));
+
+    return $c->render(text => "User is temporary")
+        if $USER->is_temporary;
+
+    my $old_password = $c->param('old_password');
+
+    if ($old_password) {
+        return $c->render(template => 'bootstrap/change_password', error => [ "Old password do not match!" ]) if (! $USER->compare_password($old_password));
+
+        my $new_password = $c->param('new_password');
+        return $c->render(template => 'bootstrap/change_password', error => [ "New password length is less than 6!" ]) if (length($new_password) < 6);
+
+        my $repeated_new_password = $c->param('repeated_new_password');
+        return $c->render(template => 'bootstrap/change_password', error => [ "New password and their repeat do not match!" ]) if ($new_password ne $repeated_new_password);
+
+        $USER->change_password($c->param('new_password'), 0);
+
+        $c->redirect_to('/');
+    }
+
+    $c->render(template => 'bootstrap/change_password', forcing_change_password => $forcing_change_password);
+}
+
 sub manage_machine {
    my $c = shift;
    my ($domain) = _search_requested_machine($c);

--- a/templates/bootstrap/change_password.html.ep
+++ b/templates/bootstrap/change_password.html.ep
+<!DOCTYPE html>
+<html ng-app="ravada.app">
+%= include 'bootstrap/header'
+<body id="page-top" data-spy="scroll" data-target=".navbar-fixed-top" role="document">
+    <div id="wrapper">
+%= include 'bootstrap/navigation'
+        <div id="page-wrapper">
+            <!--CHANGE PASSWORD-->
+            <div ng-controller="ChangePasswordForm">
+               <div class="page-title">
+                    <div class="card">
+                        <div class="card-header">
+                            <h2><%=l 'Change password' %>
+                            </h2>
+                        </div>
+                        %= include '/ng-templates/change_password'
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+%= include 'bootstrap/scripts'
+</body>
+</html>
--- a/templates/bootstrap/navigation.html.ep
+++ b/templates/bootstrap/navigation.html.ep
@@ -13,6 +13,7 @@ navbar-dark bg-dark fixed-top navbar-expand-lg navbar-inverse">
            <div class="collapse navbar-collapse justify-content-end" id="navbarNavDropdown">
            <!-- Top Menu Items -->
                <ul class="navbar-nav">
+% if (! $forcing_change_password) {
 % if ($_logged_in) {
 % if ( !$_anonymous ) {
                    <li class="nav-item active">
@@ -60,6 +61,7 @@ navbar-dark bg-dark fixed-top navbar-expand-lg navbar-inverse">
                        </div>
                    </li>
 % }
+% }
 % }
                </ul>
            </div>

--- a/templates/main/manage_user.html.ep
+++ b/templates/main/manage_user.html.ep
@@ -22,7 +22,7 @@
                <a class="nav-link" href="#grants" role="tab" data-toggle="tab" aria-controls="grants" aria-selected="true">Grants</a>
            </li>
 % }
-% if (( $_user->is_admin ) && (! $_user->is_external)) {
+% if (( $_user->is_admin ) && (! $user->is_external)) {
            <li class="nav-item">
                <a class="nav-link" href="#password" role="tab" data-toggle="tab" aria-controls="password" aria-selected="true">Password</a>
            </li>
@@ -39,7 +39,7 @@
                %= include '/main/manage_user_grants'
            </div>
 % }
-% if (( $_user->is_admin ) && (! $_user->is_external)) {
+% if (( $_user->is_admin ) && (! $user->is_external)) {
            <div class="tab-pane fade" id="password" role="tabpanel" aria-labelledby="password-tab">
                %= include '/main/manage_user_password'
            </div>

--- a/templates/ng-templates/change_password.html.ep
+++ b/templates/ng-templates/change_password.html.ep
+<div class="card-body">
+    <form name="form" role="form" method="post" action="/user/change_password" novalidate>
+        <div class="from-group">
+            <label for="old_password"><%=l 'Old Password' %></label>
+            <input class="form-control" ng-model="old_password" ng-model-onblur  placeholder="<%=l 'Enter Old Password' %>" type="password" ng-minlength="6" name="old_password" id="old_password" required="true" ng-pattern="/^[a-zA-Z0-9]*$/"><br/>    
+        </div>
+        <div class="from-group">
+            <label for="new_password"><%=l 'New Password' %></label>
+            <input class="form-control" ng-model="new_password" ng-model-onblur  placeholder="<%=l 'Enter New Password' %>" type="password" ng-minlength="6" name="new_password" id="new_password" required="true" ng-pattern="/^[a-zA-Z0-9]*$/"><br/>    
+        </div>
+        <div class="from-group">
+            <label for="repeated_new_password"><%=l 'Repeat New Password' %></label>
+            <input class="form-control" ng-model="repeated_new_password" ng-model-onblur  placeholder="<%=l 'Re-Enter New Password' %>" type="password" ng-minlength="6" name="repeated_new_password" id="repeated_new_password" required="true" ng-pattern="/^[a-zA-Z0-9]*$/"><br/>    
+        </div>
+        <div ng-show="form.$submitted || (form.old_password.$touched && form.old_password.$dirty)">
+            <div ng-show="form.old_password.$error.required" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'Old Password is required' %>.
+            </div>
+            <div ng-show="form.old_password.$error.minlength" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'Old Password must be at least 6 characters' %>.
+            </div>
+            <div ng-show="form.old_password.$error.pattern" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'Old Password can only contain words and numbers' %>.
+            </div>
+
+            <div ng-show="form.new_password.$error.required" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'New Password is required' %>.
+            </div>
+            <div ng-show="form.new_password.$error.minlength" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'New Password must be at least 6 characters' %>.
+            </div>
+            <div ng-show="form.new_password.$error.pattern" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'New Password can only contain words and numbers' %>.
+            </div>
+            <div ng-show="old_password === new_password" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'Old and New Passwords match!' %>.
+            </div>
+
+            <div ng-show="form.repeated_new_password.$error.required" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'Repeated New Password is required' %>.
+            </div>
+            <div ng-show="new_password != repeated_new_password" class="alert alert-warning">
+                <strong><%=l 'Oops!' %></strong>&nbsp;<%=l 'Password and their confirmation do not match!' %>.
+            </div>
+        </div>
+        <button type="submit" ng-disabled="form.$invalid || old_password === new_password || new_password != repeated_new_password" id="submitbutton" class="btn btn-primary"><%=l 'Submit' %></button>
+        % if (scalar @$error) {
+        %   for my $i (@$error) {
+        <div class="alert alert-danger">
+            <%= $i %>
+        </div>
+        %   }
+        % }
+    </form>
+</div>