SONAR-7011 For admin, it is impossible to change its own password in the "Users" page

3 files changed, 25 insertions, 6 deletions

diff --git a/server/sonar-web/src/main/js/apps/users/change-password-view.js b/server/sonar-web/src/main/js/apps/users/change-password-view.js
index 27cc8b34c8f..19c2176aa8b 100644
--- a/server/sonar-web/src/main/js/apps/users/change-password-view.js
+++ b/server/sonar-web/src/main/js/apps/users/change-password-view.js
@@ -30,6 +30,7 @@ export default ModalForm.extend({
 
   sendRequest: function () {
     var that = this,
+        oldPassword = this.$('#change-user-password-old-password').val(),
         password = this.$('#change-user-password-password').val(),
         confirmation = this.$('#change-user-password-password-confirmation').val();
     if (password !== confirmation) {
@@ -37,7 +38,7 @@ export default ModalForm.extend({
       return;
     }
     this.disableForm();
-    return this.model.changePassword(password, {
+    return this.model.changePassword(oldPassword, password, {
       statusCode: {
         // do not show global error
         400: null
@@ -48,6 +49,12 @@ export default ModalForm.extend({
       that.enableForm();
       that.showErrors(jqXHR.responseJSON.errors, jqXHR.responseJSON.warnings);
     });
+  },
+
+  serializeData: function () {
+    return Object.assign({}, ModalForm.prototype.serializeData.apply(this, arguments), {
+      isOwnPassword: window.SS.user === this.model.id
+    });
   }
 });
 
diff --git a/server/sonar-web/src/main/js/apps/users/templates/users-change-password.hbs b/server/sonar-web/src/main/js/apps/users/templates/users-change-password.hbs
index 22684806543..90b7c8cb138 100644
--- a/server/sonar-web/src/main/js/apps/users/templates/users-change-password.hbs
+++ b/server/sonar-web/src/main/js/apps/users/templates/users-change-password.hbs
@@ -4,6 +4,14 @@
   </div>
   <div class="modal-body">
     <div class="js-modal-messages"></div>
+    {{#if isOwnPassword}}
+      <div class="modal-field">
+        <label for="change-user-password-old-password">Old Password<em class="mandatory">*</em></label>
+        {{! keep this fake field to hack browser autofill }}
+        <input id="change-user-password-old-password-fake" name="old-password-fake" type="password" class="hidden">
+        <input id="change-user-password-old-password" name="old-password" type="password" size="50" maxlength="50" required>
+      </div>
+    {{/if}}
     <div class="modal-field">
       <label for="change-user-password-password">New Password<em class="mandatory">*</em></label>
       {{! keep this fake field to hack browser autofill }}
diff --git a/server/sonar-web/src/main/js/apps/users/user.js b/server/sonar-web/src/main/js/apps/users/user.js
index 1b10cd39f45..ef4406966d1 100644
--- a/server/sonar-web/src/main/js/apps/users/user.js
+++ b/server/sonar-web/src/main/js/apps/users/user.js
@@ -75,14 +75,18 @@ export default Backbone.Model.extend({
     return Backbone.ajax(opts);
   },
 
-  changePassword: function (password, options) {
+  changePassword: function (oldPassword, password, options) {
+    const data = {
+      login: this.id,
+      password: password
+    };
+    if (oldPassword != null) {
+      data.previousPassword = oldPassword;
+    }
     var opts = _.defaults(options || {}, {
       url: this.urlRoot() + '/change_password',
       type: 'POST',
-      data: {
-        login: this.id,
-        password: password
-      }
+      data: data
     });
     return Backbone.ajax(opts);
   }