Split personal and user-mgmt password change logic
authorkondou <kondou@ts.unde.re>
Fri, 6 Sep 2013 06:05:07 +0000 (08:05 +0200)
committerkondou <kondou@ts.unde.re>
Fri, 6 Sep 2013 06:05:07 +0000 (08:05 +0200)
settings/ajax/changepassword.php
settings/ajax/changepersonalpassword.php [new file with mode: 0644]
settings/js/personal.js
settings/js/users.js
settings/routes.php

index 47ceb5ab87379956fe5b5419f4f880e7958b3cab..41f0fa2f2fd5f6185ae03b6df9b82a97bdc66e17 100644 (file)
@@ -1,34 +1,34 @@
 <?php
 
-// Check if we are a user
-OCP\JSON::callCheck();
+// Check if we are an user
+OC_JSON::callCheck();
 OC_JSON::checkLoggedIn();
 
 // Manually load apps to ensure hooks work correctly (workaround for issue 1503)
-OC_APP::loadApps();
+OC_App::loadApps();
 
-$username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser();
-$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
-$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
+if (isset($_POST['username'])) {
+       $username = $_POST['username'];
+} else {
+       $l = new \OC_L10n('settings');
+       OC_JSON::error(array('data' => array('message' => $l->t('No user supplied')) ));
+       exit();
+}
+
+$password = isset($_POST['password']) ? $_POST['password'] : null;
 $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
 
-$userstatus = null;
 if (OC_User::isAdminUser(OC_User::getUser())) {
        $userstatus = 'admin';
-}
-if (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
+} elseif (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
        $userstatus = 'subadmin';
-}
-if (OC_User::getUser() === $username && OC_User::checkPassword($username, $oldPassword)) {
-       $userstatus = 'user';
-}
-
-if (is_null($userstatus)) {
-       OC_JSON::error(array('data' => array('message' => 'Authentication error')));
+} else {
+       $l = new \OC_L10n('settings');
+       OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')) ));
        exit();
 }
 
-if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') {
+if (\OC_App::isEnabled('files_encryption')) {
        //handle the recovery case
        $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
        $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
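Review bot: `$username` is taken from `$_POST['username']` with only an `isset()` test, then passed to `OC_SubAdmin::isUserAccessible()`, the `\OCA\Encryption\Util` constructor and, further down, `OC_User::setPassword()`. PHP also delivers an array for this key when the request is shaped that way, and `isset()` accepts it, so I would reject non-strings and unknown accounts before the authorisation branch, e.g. `if (!is_string($_POST['username']) || !OC_User::userExists($_POST['username'])) { /* JSON error + exit */ }`. Because this endpoint now resets another account's password on the session and request token alone, a comment above the `isAdminUser` branch should state that the acting admin is deliberately not re-authenticated. The encryption block continues past the end of this hunk.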
@@ -55,7 +55,7 @@ if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') {
        }
 
        }
-} else { // if user changes his own password or if encryption is disabled, proceed
+} else { // if encryption is disabled, proceed
        if (!is_null($password) && OC_User::setPassword($username, $password)) {
                OC_JSON::success(array('data' => array('username' => $username)));
        } else {
diff --git a/settings/ajax/changepersonalpassword.php b/settings/ajax/changepersonalpassword.php
new file mode 100644 (file)
index 0000000..6c3f5d5
--- /dev/null
@@ -0,0 +1,24 @@
+<?php
+
+// Check if we are an user
+OC_JSON::callCheck();
+OC_JSON::checkLoggedIn();
+
+// Manually load apps to ensure hooks work correctly (workaround for issue 1503)
+OC_App::loadApps();
+
+$username = OC_User::getUser();
+$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
+$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
+$recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
+
+if (!OC_User::checkPassword($username, $oldPassword)) {
+       $l = new \OC_L10n('settings');
+       OC_JSON::error(array("data" => array("message" => $l->t("Wrong password")) ));
+       exit();
+}
+if (!is_null($password) && OC_User::setPassword($username, $password)) {
+       OC_JSON::success();
+} else {
+       OC_JSON::error();
+}
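Review bot: The guard on the `setPassword()` call only tests `!is_null($password)`, so an empty `personal-password` field still reaches `OC_User::setPassword()`. Whether the backend rejects it is not visible here, so I would require a non-empty string up front: `if (!is_string($password) || $password === '') { /* JSON error + exit */ }`. The same `!is_null($password)` condition guards the `setPassword()` call in the unchanged else-branch of changepassword.php. `$recoveryPassword` is read from the request but never used in this file and can be dropped. A failed `checkPassword()` means a live session is guessing the current password, so it is worth logging; nothing in this file records or throttles repeated attempts.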
index 8ad26c086b51839879a2830f8b478a9177286c4e..8cf4754f793f4c62b6b6d6eeb4ea6385c5023a7b 100644 (file)
@@ -52,14 +52,17 @@ $(document).ready(function(){
                        $('#passwordchanged').hide();
                        $('#passworderror').hide();
                        // Ajax foo
-                       $.post( 'ajax/changepassword.php', post, function(data){
+                       $.post(OC.Router.generate('settings_ajax_changepersonalpassword'), post, function(data){
                                if( data.status === "success" ){
                                        $('#pass1').val('');
                                        $('#pass2').val('');
                                        $('#passwordchanged').show();
-                               }
-                               else{
-                                       $('#passworderror').html( data.data.message );
+                               } else{
+                                       if (typeof(data.data) !== "undefined") {
+                                               $('#passworderror').html(data.data.message);
+                                       } else {
+                                               $('#passworderror').html(t('Unable to change password'));
+                                       }
                                        $('#passworderror').show();
                                }
                        });
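Review bot: `$('#passworderror').html(data.data.message)` writes a server-supplied string into the page as markup. The messages this commit returns are plain text, so `.text(data.data.message)` is the safer sink and renders them the same. The new `typeof(data.data)` guard also does not cover a response that has `data` but no `message`. The fallback calls `t('Unable to change password')` with one argument; if `t()` takes the app name first, as it does in other ownCloud scripts, this should read `t('settings', 'Unable to change password')`. The surrounding handler starts and ends outside the hunk.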
index ab08d7099c6160d49ec61bca85bf833ce69519d7..e3e749a312ea19c3c6ebbf422c6af8da8f4196b2 100644 (file)
@@ -361,7 +361,7 @@ $(document).ready(function () {
                                if ($(this).val().length > 0) {
                                        var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val();
                                        $.post(
-                                               OC.filePath('settings', 'ajax', 'changepassword.php'),
+                                               OC.Router.generate('settings_ajax_changepassword'),
                                                {username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal},
                                                function (result) {
                                                        if (result.status != 'success') {
index 73ee70d1d5cbca819c9014ff32968152857270be..af1c70ea44dcd46bcc3253211121c59661f870ae 100644 (file)
@@ -39,6 +39,8 @@ $this->create('settings_ajax_removegroup', '/settings/ajax/removegroup.php')
        ->actionInclude('settings/ajax/removegroup.php');
 $this->create('settings_ajax_changepassword', '/settings/ajax/changepassword.php')
        ->actionInclude('settings/ajax/changepassword.php');
+$this->create('settings_ajax_changepersonalpassword', '/settings/ajax/changepersonalpassword.php')
+        ->actionInclude('settings/ajax/changepersonalpassword.php');
 $this->create('settings_ajax_changedisplayname', '/settings/ajax/changedisplayname.php')
        ->actionInclude('settings/ajax/changedisplayname.php');
 // personel