Alter backend to check the current password, period, not just for password changes.
Add form elements for asking for current password to JSPac.
Add handling for said form elements where needed.
Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
desc => "Update the operator's username",
params => [
{ desc => 'Authentication token', type => 'string' },
- { desc => 'New username', type => 'string' }
+ { desc => 'New username', type => 'string' },
+ { desc => 'Current password', type => 'string' }
],
- return => {desc => '1 on success, Event on error'}
+ return => {desc => '1 on success, Event on error or incorrect current password'}
}
);
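Review bot: The new third parameter is described only as 'Current password', which does not tell a caller what form to send. The check elsewhere in this commit applies `md5_hex` to the value on the server, so it appears to be the clear-text password; I would say so, e.g. `{ desc => 'Current password (clear text; hashed server-side for comparison)', type => 'string' }`, and do the same in the email-update registration in the next hunk. Any existing caller that still passes only two arguments will presumably now get INCORRECT_PASSWORD back, which is worth stating in the return description or the release notes.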
desc => "Update the operator's email address",
params => [
{ desc => 'Authentication token', type => 'string' },
- { desc => 'New email address', type => 'string' }
+ { desc => 'New email address', type => 'string' },
+ { desc => 'Current password', type => 'string' }
],
- return => {desc => '1 on success, Event on error'}
+ return => {desc => '1 on success, Event on error or incorrect current password'}
}
);
or return $e->die_event;
my $api = $self->api_name;
+ # make sure the original password matches the in-database password
+ if (md5_hex($orig_pw) ne $db_user->passwd) {
+ $e->rollback;
+ return new OpenILS::Event('INCORRECT_PASSWORD');
+ }
+
if( $api =~ /password/o ) {
- # make sure the original password matches the in-database password
- if (md5_hex($orig_pw) ne $db_user->passwd) {
- $e->rollback;
- return new OpenILS::Event('INCORRECT_PASSWORD');
- }
+
$db_user->passwd($new_val);
} else {
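Review bot: The moved check calls `md5_hex($orig_pw)` without first confirming the argument was supplied, so a caller that omits the new parameter is (as far as I can tell) hashed as an empty value with a warning instead of being rejected explicitly; `if (!defined $orig_pw or md5_hex($orig_pw) ne $db_user->passwd) {` makes the fail-closed path deliberate. With this change the username and email methods join the password method as places where a valid session token can be used to test guesses of the current password, and nothing in the hunk logs or limits failed attempts; the enclosing function starts and ends outside the hunk, so if it does not do that elsewhere it is worth adding. The comparison also shows that stored passwords are bare MD5 digests, which predates this commit but is now relied on in more code paths.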
function myOPACUpdateUsername() {
var username = $('myopac_new_username').value;
+ var curpassword = $('myopac_username_current_password').value;
if(username == null || username == "") {
alert($('myopac_username_error').innerHTML);
return;
return;
}
- var req = new Request(UPDATE_USERNAME, G.user.session, username );
+ var req = new Request(UPDATE_USERNAME, G.user.session, username, curpassword );
req.send(true);
if(req.result()) {
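Review bot: `curpassword` is sent without the empty check that `username` gets, so a blank password field costs a round trip and comes back as a generic failure; a guard of the form `if(!curpassword) { /* show a message */ return; }` before the request would match the existing username validation. The visible lines also do not clear the password input after the request, so the value stays in the row once it is hidden again; `$('myopac_username_current_password').value = '';` after `req.send(true)` would handle that. Both points apply equally to myOPACUpdateEmail in the next hunk, and both functions continue beyond the lines shown.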
function myOPACUpdateEmail() {
var email = $('myopac_new_email').value;
+ var curpassword = $('myopac_email_current_password').value;
if(email == null || email == "") {
alert($('myopac_email_error').innerHTML);
return;
}
- var req = new Request(UPDATE_EMAIL, G.user.session, email );
+ var req = new Request(UPDATE_EMAIL, G.user.session, email, curpassword );
req.send(true);
if(req.result()) {
G.user.email(email);
<td class='color_4 light_border'>&common.username;</td>
<td class='light_border' id='myopac_summary_username'> </td>
<td class='light_border'><a href='javascript:void(0);'
- onclick='unHideMe($("myopac_update_username_row"));$("myopac_new_username").focus();'
+ onclick='unHideMe($("myopac_update_username_row"));$("myopac_username_current_password").focus();'
id='myopac_summary_username_change' style='text-decoration: underline;'>&myopac.summary.change;</a></td>
</tr>
<tr id='myopac_update_username_row' class='hide_me'>
<td class='myopac_update_cell' colspan='3'>
- <span class='myopac_update_span'>&myopac.summary.username.enter; </span>
- <input type='text' size='24' id='myopac_new_username'
- onkeydown='if(userPressedEnter(event)) myOPACUpdateUsername();' />
+
+ <table><tbody>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.password.current; </span></td>
+ <td><input type='password' size='24' id='myopac_username_current_password'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateUsername();' /></td>
+ </tr>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.username.enter; </span></td>
+ <td><input type='text' size='24' id='myopac_new_username'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateUsername();' /></td>
+ </tr>
+ </tbody></table>
+
<span class='myopac_update_span'>
<button onclick='myOPACUpdateUsername();'>&common.submit;</button>
</span>
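Review bot: The new `type='password'` input carries no `autocomplete` attribute, so browsers and password managers have to guess whether it is a login, new-password or confirmation field; `autocomplete='current-password'` (or `autocomplete='off'` if older browsers are the target) states the intent. The captions are plain `<span>`s in a separate cell, so wrapping each in a `<label for='myopac_username_current_password'>`-style element would tie it to its input. The same applies to the email row in the following hunk.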
<td class='color_4 light_border'>&myopac.summary.email;</td>
<td class='light_border' id='myopac_summary_email'> </td>
<td class='light_border'><a href='javascript:void(0);'
- onclick='unHideMe($("myopac_update_email_row"));$("myopac_new_email").focus();'
+ onclick='unHideMe($("myopac_update_email_row"));$("myopac_email_current_password").focus();'
id='myopac_summary_email_change' style='text-decoration: underline;'>&myopac.summary.change;</a></td>
</tr>
<tr id='myopac_update_email_row' class='hide_me'>
<td class='myopac_update_cell' colspan='3'>
- <span class='myopac_update_span'>&myopac.summary.email.new; </span>
- <input type='text' size='24' id='myopac_new_email'
- onkeydown='if(userPressedEnter(event)) myOPACUpdateEmail();' />
+
+ <table><tbody>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.password.current; </span></td>
+ <td><input type='password' size='24' id='myopac_email_current_password'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateEmail();' /></td>
+ </tr>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.email.new; </span></td>
+ <td><input type='text' size='24' id='myopac_new_email'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateEmail();' /></td>
+ </tr>
+ </tbody></table>
+
<span class='myopac_update_span'>
<button onclick='myOPACUpdateEmail();'>&common.submit;</button>
</span>