Split personal and user-mgmt password change logic

5 files changed, 52 insertions, 23 deletions

diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 47ceb5ab873..41f0fa2f2fd 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -1,34 +1,34 @@
 <?php
 
-// Check if we are a user
-OCP\JSON::callCheck();
+// Check if we are an user
+OC_JSON::callCheck();
 OC_JSON::checkLoggedIn();
 
 // Manually load apps to ensure hooks work correctly (workaround for issue 1503)
-OC_APP::loadApps();
+OC_App::loadApps();
 
-$username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser();
-$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
-$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
+if (isset($_POST['username'])) {
+	$username = $_POST['username'];
+} else {
+	$l = new \OC_L10n('settings');
+	OC_JSON::error(array('data' => array('message' => $l->t('No user supplied')) ));
+	exit();
+}
+
+$password = isset($_POST['password']) ? $_POST['password'] : null;
 $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
 
-$userstatus = null;
 if (OC_User::isAdminUser(OC_User::getUser())) {
 	$userstatus = 'admin';
-}
-if (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
+} elseif (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
 	$userstatus = 'subadmin';
-}
-if (OC_User::getUser() === $username && OC_User::checkPassword($username, $oldPassword)) {
-	$userstatus = 'user';
-}
-
-if (is_null($userstatus)) {
-	OC_JSON::error(array('data' => array('message' => 'Authentication error')));
+} else {
+	$l = new \OC_L10n('settings');
+	OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')) ));
 	exit();
 }
 
-if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') {
+if (\OC_App::isEnabled('files_encryption')) {
 	//handle the recovery case
 	$util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
 	$recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
@@ -55,7 +55,7 @@ if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') {
 	}
 
 	}
-} else { // if user changes his own password or if encryption is disabled, proceed
+} else { // if encryption is disabled, proceed
 	if (!is_null($password) && OC_User::setPassword($username, $password)) {
 		OC_JSON::success(array('data' => array('username' => $username)));
 	} else {
diff --git a/settings/ajax/changepersonalpassword.php b/settings/ajax/changepersonalpassword.php
new file mode 100644
index 00000000000..6c3f5d599ac
--- /dev/null
+++ b/settings/ajax/changepersonalpassword.php
@@ -0,0 +1,24 @@
+<?php
+
+// Check if we are an user
+OC_JSON::callCheck();
+OC_JSON::checkLoggedIn();
+
+// Manually load apps to ensure hooks work correctly (workaround for issue 1503)
+OC_App::loadApps();
+
+$username = OC_User::getUser();
+$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
+$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
+$recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
+
+if (!OC_User::checkPassword($username, $oldPassword)) {
+	$l = new \OC_L10n('settings');
+	OC_JSON::error(array("data" => array("message" => $l->t("Wrong password")) ));
+	exit();
+}
+if (!is_null($password) && OC_User::setPassword($username, $password)) {
+	OC_JSON::success();
+} else {
+	OC_JSON::error();
+}
diff --git a/settings/js/personal.js b/settings/js/personal.js
index 8ad26c086b5..8cf4754f793 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -52,14 +52,17 @@ $(document).ready(function(){
 			$('#passwordchanged').hide();
 			$('#passworderror').hide();
 			// Ajax foo
-			$.post( 'ajax/changepassword.php', post, function(data){
+			$.post(OC.Router.generate('settings_ajax_changepersonalpassword'), post, function(data){
 				if( data.status === "success" ){
 					$('#pass1').val('');
 					$('#pass2').val('');
 					$('#passwordchanged').show();
-				}
-				else{
-					$('#passworderror').html( data.data.message );
+				} else{
+					if (typeof(data.data) !== "undefined") {
+						$('#passworderror').html(data.data.message);
+					} else {
+						$('#passworderror').html(t('Unable to change password'));
+					}
 					$('#passworderror').show();
 				}
 			});
diff --git a/settings/js/users.js b/settings/js/users.js
index ab08d7099c6..e3e749a312e 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -361,7 +361,7 @@ $(document).ready(function () {
 				if ($(this).val().length > 0) {
 					var recoveryPasswordVal = $('input:password[id="recoveryPassword"]').val();
 					$.post(
-						OC.filePath('settings', 'ajax', 'changepassword.php'),
+						OC.Router.generate('settings_ajax_changepassword'),
 						{username: uid, password: $(this).val(), recoveryPassword: recoveryPasswordVal},
 						function (result) {
 							if (result.status != 'success') {
diff --git a/settings/routes.php b/settings/routes.php
index 73ee70d1d5c..af1c70ea44d 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -39,6 +39,8 @@ $this->create('settings_ajax_removegroup', '/settings/ajax/removegroup.php')
 	->actionInclude('settings/ajax/removegroup.php');
 $this->create('settings_ajax_changepassword', '/settings/ajax/changepassword.php')
 	->actionInclude('settings/ajax/changepassword.php');
+$this->create('settings_ajax_changepersonalpassword', '/settings/ajax/changepersonalpassword.php')
+        ->actionInclude('settings/ajax/changepersonalpassword.php');
 $this->create('settings_ajax_changedisplayname', '/settings/ajax/changedisplayname.php')
 	->actionInclude('settings/ajax/changedisplayname.php');
 // personel