improve password change

yuri
2015-07-02 15:10:01 +03:00
parent 8cd4fe5891
commit 97d7796f9d
5 changed files with 38 additions and 3 deletions


@@ -53,7 +53,10 @@ class User extends \Espo\Core\Controllers\Record
if (!$request->isPost()) {
throw new BadRequest();
}
return $this->getService('User')->changePassword($this->getUser()->id, $data['password']);
if (!array_key_exists('password', $data) || !array_key_exists('currentPassword', $data)) {
throw new BadRequest();
}
return $this->getService('User')->changePassword($this->getUser()->id, $data['password'], true, $data['currentPassword']);
}
public function actionChangePasswordByRequest($params, $data, $request)
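Review bot: The new guard before the `changePassword()` call only tests that the `password` and `currentPassword` keys exist, so a JSON `null`, number or nested array for either field is passed to the service as-is. Both values end up in password hashing, so I would reject non-strings at this boundary: `if (!isset($data['password'], $data['currentPassword']) || !is_string($data['password']) || !is_string($data['currentPassword'])) { throw new BadRequest(); }`. The action's signature and opening lines are outside this hunk, so `$data` being an array is assumed from the use of `array_key_exists`.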


@@ -10,6 +10,7 @@
"roles": "Roles",
"teamRole": "Position",
"password": "Password",
"currentPassword": "Current Password",
"passwordConfirm": "Confirm Password",
"newPassword": "New Password",
"newPasswordConfirm": "Confirm New Password",


@@ -79,7 +79,7 @@ class User extends Record
return $result;
}
public function changePassword($userId, $password)
public function changePassword($userId, $password, $checkCurrentPassword = false, $currentPassword)
{
$user = $this->getEntityManager()->getEntity('User', $userId);
if (!$user) {
@@ -90,6 +90,17 @@ class User extends Record
throw new Error('Password can\'t be empty.');
}
if ($checkCurrentPassword) {
$passwordHash = new \Espo\Core\Utils\PasswordHash($this->getConfig());
$u = $this->getEntityManager()->getRepository('User')->where(array(
'id' => $user->id,
'password' => $passwordHash->hash($currentPassword)
))->findOne();
if (!$u) {
throw new Forbidden();
}
}
$user->set('password', $this->hashPassword($password));
$this->getEntityManager()->saveEntity($user);
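Review bot: In the new `changePassword()` signature the required `$currentPassword` follows the optional `$checkCurrentPassword = false`, so any caller that still passes two arguments no longer satisfies it; `$currentPassword = null` keeps those callers working. With that default, the `if ($checkCurrentPassword)` branch should refuse a missing value before hashing, e.g. `if (!is_string($currentPassword) || $currentPassword === '') { throw new Forbidden(); }`. The check is opt-in, so every path that lets a user change their own password has to remember to pass `true`, and a docblock on the method saying so is worth adding. Separately, matching `'password' => $passwordHash->hash($currentPassword)` in a query only works if `PasswordHash::hash()` is deterministic for a given config, which is not visible here and should be confirmed against how the stored hash is salted. The method body continues outside both hunks.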


@@ -1,4 +1,8 @@
<div class="cell cell-currentPassword form-group">
<label class="field-label-currentPassword control-label">{{translate 'currentPassword' scope='User' category='fields'}}</label>
<div class="field field-currentPassword">{{{currentPassword}}}</div>
</div>
<div class="cell cell-password form-group">
<label class="field-label-password control-label">{{translate 'newPassword' scope='User' category='fields'}}</label>
<div class="field field-password">{{{password}}}</div>


@@ -54,6 +54,18 @@ Espo.define('Views.Modals.ChangePassword', 'Views.Modal', function (Dep) {
this.getModelFactory().create('User', function (user) {
this.model = user;
this.createView('currentPassword', 'Fields.Password', {
model: user,
mode: 'edit',
el: this.options.el + ' .field-currentPassword',
defs: {
name: 'currentPassword',
params: {
required: true,
}
}
});
this.createView('password', 'Fields.Password', {
model: user,
mode: 'edit',
@@ -84,10 +96,13 @@ Espo.define('Views.Modals.ChangePassword', 'Views.Modal', function (Dep) {
changePassword: function () {
this.getView('currentPassword').fetchToModel();
this.getView('password').fetchToModel();
this.getView('passwordConfirm').fetchToModel();
var notValid = this.getView('password').validate() || this.getView('passwordConfirm').validate();
var notValid = this.getView('currentPassword').validate() ||
this.getView('password').validate() ||
this.getView('passwordConfirm').validate();
if (notValid) {
return;
@@ -99,6 +114,7 @@ Espo.define('Views.Modals.ChangePassword', 'Views.Modal', function (Dep) {
url: 'User/action/changeOwnPassword',
type: 'POST',
data: JSON.stringify({
currentPassword: this.model.get('currentPassword'),
password: this.model.get('password')
}),
error: function () {