Properly catch password policy hint for personal page password changes 1634/head
authorMorris Jobke <hey@morrisjobke.de>
Thu, 6 Oct 2016 08:24:02 +0000 (10:24 +0200)
committerMorris Jobke <hey@morrisjobke.de>
Thu, 6 Oct 2016 08:55:33 +0000 (10:55 +0200)
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
settings/Controller/ChangePasswordController.php
tests/Core/Controller/ChangePasswordControllerTest.php

index df170b62f1a1b068fe0a988a8deba490bd89efc9..f709a8dd4318c81ba88c8794198e035971b79d23 100644 (file)
@@ -91,6 +91,7 @@ class ChangePasswordController extends Controller {
         * @return JSONResponse
         */
        public function changePersonalPassword($oldpassword = '', $newpassword = null) {
+               /** @var IUser $user */
                $user = $this->userManager->checkPassword($this->userId, $oldpassword);
                if ($user === false) {
                        return new JSONResponse([
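Review bot: The `@var IUser $user` annotation now sits above the `checkPassword()` call, but the very next statement compares `$user` with `false`, so the variable is not always an IUser at that point. `/** @var IUser|false $user */` would describe the value the way the code treats it, and keeps static analysis from assuming the `=== false` branch is dead. The method body continues outside this hunk.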
@@ -101,10 +102,19 @@ class ChangePasswordController extends Controller {
                        ]);
                }
 
-               /** @var IUser $user */
-               if ($newpassword === null || $user->setPassword($newpassword) === false) {
+               try {
+                       if ($newpassword === null || $user->setPassword($newpassword) === false) {
+                               return new JSONResponse([
+                                       'status' => 'error'
+                               ]);
+                       }
+               // password policy app throws exception
+               } catch(HintException $e) {
                        return new JSONResponse([
-                               'status' => 'error'
+                               'status' => 'error',
+                               'data' => [
+                                       'message' => $e->getHint(),
+                               ],
                        ]);
                }
 
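Review bot: The new `catch(HintException $e)` only works if `HintException` resolves to `OC\HintException` inside this namespaced controller, and no hunk shown here adds that import (the first hunk starts at line 91 on both sides, so nothing was inserted above it). PHP does not complain about a catch clause that names a class which does not exist; the clause simply never matches, and the policy exception would then leave `changePersonalPassword` uncaught instead of becoming the JSON error. It is worth confirming that `use OC\HintException;` is already at the top of ChangePasswordController.php. The same applies to the catch added in the later hunk around `$targetUser->setPassword()`. The function continues past the end of this hunk.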
@@ -216,7 +226,17 @@ class ChangePasswordController extends Controller {
                                        ]
                                ]);
                        } else { // now we know that everything is fine regarding the recovery password, let's try to change the password
-                               $result = $targetUser->setPassword($password, $recoveryPassword);
+                               try {
+                                       $result = $targetUser->setPassword($password, $recoveryPassword);
+                               // password policy app throws exception
+                               } catch(HintException $e) {
+                                       return new JSONResponse([
+                                               'status' => 'error',
+                                               'data' => [
+                                                       'message' => $e->getHint(),
+                                               ],
+                                       ]);
+                               }
                                if (!$result && $recoveryEnabledForUser) {
                                        return new JSONResponse([
                                                'status' => 'error',
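Review bot: Nothing in this commit exercises the catch added around `$targetUser->setPassword($password, $recoveryPassword)`; the only new test, `testChangePersonalPasswordCommonPassword`, covers `changePersonalPassword`. Judging by `$targetUser` and `$recoveryPassword`, this appears to be the path where a password is set on behalf of another account. A parallel test that makes the mocked target user throw a `HintException` and asserts the `status` / `data.message` response would pin that behaviour. The enclosing method starts and ends outside the hunk.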
index 8dd4ca8db95f74f4cc7f235ec8635accf8bac904..869ef98b514d670d355cf4c3c066e4f100b8813f 100644 (file)
@@ -21,6 +21,7 @@
  */
 namespace Tests\Core\Controller;
 
+use OC\HintException;
 use OC\Settings\Controller\ChangePasswordController;
 use OC\User\Session;
 use OCP\App\IAppManager;
@@ -94,6 +95,30 @@ class ChangePasswordControllerTest extends \Test\TestCase {
                $this->assertEquals($expects, $res->getData());
        }
 
+       public function testChangePersonalPasswordCommonPassword() {
+               $user = $this->getMockBuilder('OCP\IUser')->getMock();
+               $this->userManager->expects($this->once())
+                       ->method('checkPassword')
+                       ->with($this->userId, 'old')
+                       ->willReturn($user);
+
+               $user->expects($this->once())
+                       ->method('setPassword')
+                       ->with('new')
+                       ->will($this->throwException(new HintException('Common password')));
+
+               $expects = [
+                       'status' => 'error',
+                       'data' => [
+                               'message' => 'Common password',
+                       ],
+               ];
+
+               $res = $this->controller->changePersonalPassword('old', 'new');
+
+               $this->assertEquals($expects, $res->getData());
+       }
+
        public function testChangePersonalPasswordNoNewPassword() {
                $user = $this->getMockBuilder('OCP\IUser')->getMock();
                $this->userManager->expects($this->once())
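Review bot: `testChangePersonalPasswordCommonPassword` builds the exception as `new HintException('Common password')` and then expects `'Common password'` in the response, so it passes whether the controller returns the hint or the raw exception message. As far as I know, `OC\HintException` takes the hint as a second constructor argument and `getHint()` falls back to the message when the hint is empty. Giving the two distinct values, e.g. `new HintException('Common password', 'Please choose a different password')` with `'message' => 'Please choose a different password'` expected, would make the test fail if the response ever exposed `getMessage()` instead of the user-facing hint. The trailing context (`testChangePersonalPasswordNoNewPassword`) continues outside the hunk.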