authorBjoern Schiessle <bjoern@schiessle.org>2016-06-27 11:30:13 +0200
committerBjoern Schiessle <bjoern@schiessle.org>2016-06-27 14:08:11 +0200
commit2a990a0db5199ac842b50b580300bbeb2d2e794c (patch)
treead76ae23635def5b724005ae6b13b25d6b3d4def /settings/ChangePassword
parentd4989c80379d4cac71ae76ec8df79090f2e4c25f (diff)
verify user password on change
Diffstat (limited to 'settings/ChangePassword')
-rw-r--r--settings/ChangePassword/Controller.php31
1 files changed, 21 insertions, 10 deletions
diff --git a/settings/ChangePassword/Controller.php b/settings/ChangePassword/Controller.php
index 1f3ea1b446a..94fb1e4e7a2 100644
--- a/settings/ChangePassword/Controller.php
+++ b/settings/ChangePassword/Controller.php
@@ -30,6 +30,8 @@
*/
namespace OC\Settings\ChangePassword;
+use OC\HintException;
+
class Controller {
public static function changePersonalPassword($args) {
// Check if we are an user
@@ -39,17 +41,22 @@ class Controller {
$username = \OC_User::getUser();
$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
+ $l = new \OC_L10n('settings');
if (!\OC_User::checkPassword($username, $oldPassword)) {
- $l = new \OC_L10n('settings');
\OC_JSON::error(array("data" => array("message" => $l->t("Wrong password")) ));
exit();
}
- if (!is_null($password) && \OC_User::setPassword($username, $password)) {
- \OC::$server->getUserSession()->updateSessionTokenPassword($password);
- \OC_JSON::success();
- } else {
- \OC_JSON::error();
+
+ try {
+ if (!is_null($password) && \OC_User::setPassword($username, $password)) {
+ \OC::$server->getUserSession()->updateSessionTokenPassword($password);
+ \OC_JSON::success(['data' => ['message' => $l->t('Saved')]]);
+ } else {
+ \OC_JSON::error();
+ }
+ } catch (HintException $e) {
+ \OC_JSON::error(['data' => ['message' => $e->getHint()]]);
}
}
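Review bot: The failure branch inside the new `try` still calls `\OC_JSON::error();` with no payload, so a `setPassword` that returns false (or a null `$password`) gives the client an error without any message, while the `HintException` path a few lines below returns one. I would change it to `\OC_JSON::error(['data' => ['message' => $l->t('Unable to change password')]]);`, the string the other `setPassword` call site in this file already uses. The `try` also encloses `updateSessionTokenPassword()` and only `HintException` is caught, so any other exception raised after the password has already been changed would propagate without a JSON response; a short comment stating that this is intended would help. The function begins above this hunk.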
@@ -150,10 +157,14 @@ class Controller {
}
} else { // if encryption is disabled, proceed
- if (!is_null($password) && \OC_User::setPassword($username, $password)) {
- \OC_JSON::success(array('data' => array('username' => $username)));
- } else {
- \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
+ try {
+ if (!is_null($password) && \OC_User::setPassword($username, $password)) {
+ \OC_JSON::success(array('data' => array('username' => $username)));
+ } else {
+ \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
+ }
+ } catch (HintException $e) {
+ \OC_JSON::error(array('data' => array('message' => $e->getHint())));
}
}
}
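Review bot: Only the branch commented `// if encryption is disabled, proceed` receives the `HintException` handling; the encryption and recovery branches of this method lie above the hunk and, going by the diffstat, are not touched by the commit. If any of them also reaches `\OC_User::setPassword()`, a rejected password would surface there as an uncaught exception instead of a JSON error, so those paths should be checked and wrapped the same way. `$e->getHint()` is passed to the response verbatim, which presumably relies on the hint being user-facing text; a comment such as `// hint is the user-facing reason for the rejection (assumed safe to display)` would record that assumption. The method begins outside this hunk.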