Require old password on password change

10 years ago · fa95bfb8ba
parent 843028c5d7
commit fa95bfb8ba
5 changed files with 54 additions and 33 deletions
--- a/client/views/account/accountProfile.coffee
+++ b/client/views/account/accountProfile.coffee
@ -19,36 +19,53 @@ Template.accountProfile.onCreated ->

 	@clearForm = ->
 		@find('#language').value = localStorage.getItem('userLanguage')
+		@find('#oldPassword').value = ''
 		@find('#password').value = ''

+	@changePassword = (oldPassword, newPassword, callback) ->
+		if not oldPassword and not newPassword
+			return callback()
+
+		else if !!oldPassword ^ !!newPassword
+			toastr.warning t('Old_and_new_password_required')
+
+		else if newPassword and oldPassword
+			Accounts.changePassword oldPassword, newPassword, (error) ->
+				if error
+					toastr.error t('Incorrect_Password')
+				else
+					return callback()
+
 	@save = ->
 		instance = @
-		data = {}
-		reload = false
-		selectedLanguage = $('#language').val()
-
-		if localStorage.getItem('userLanguage') isnt selectedLanguage
-			localStorage.setItem 'userLanguage', selectedLanguage
-			data.language = selectedLanguage
-			reload = true
-
-		if _.trim $('#password').val()
-			data.password = _.trim $('#password').val()
-
-		if _.trim $('#username').val()
-			data.username = _.trim $('#username').val()
-
-		Meteor.call 'saveUserProfile', data, (error, results) ->
-			if results
-				toastr.success t('Profile_saved_successfully')
-				instance.clearForm()
-				if reload
-					setTimeout ->
-						Meteor._reload.reload()
-					, 1000
-
-			if error
-				toastr.error error.reason
+
+		oldPassword = _.trim($('#oldPassword').val())
+		newPassword = _.trim($('#password').val())
+
+		instance.changePassword oldPassword, newPassword, ->
+			data = {}
+			reload = false
+			selectedLanguage = $('#language').val()
+
+			if localStorage.getItem('userLanguage') isnt selectedLanguage
+				localStorage.setItem 'userLanguage', selectedLanguage
+				data.language = selectedLanguage
+				reload = true
+
+			if _.trim $('#username').val()
+				data.username = _.trim $('#username').val()
+
+			Meteor.call 'saveUserProfile', data, (error, results) ->
+				if results
+					toastr.success t('Profile_saved_successfully')
+					instance.clearForm()
+					if reload
+						setTimeout ->
+							Meteor._reload.reload()
+						, 1000
+
+				if error
+					toastr.error error.reason

 Template.accountProfile.onRendered ->
 	Tracker.afterFlush ->
--- a/client/views/account/accountProfile.html
+++ b/client/views/account/accountProfile.html
@ -15,6 +15,12 @@
 							<input type="text" name="username" id="username" placeholder="{{username}}" />
 						</div>
 					</div>
+					<div class="input-line">
+						<label for="password">{{_ "Old_Password"}}</label>
+						<div>
+							<input type="password" name="oldPassword" id="oldPassword" />
+						</div>
+					</div>
 					<div class="input-line">
 						<label for="password">{{_ "Password"}}</label>
 						<div>
--- a/i18n/en.i18n.json
+++ b/i18n/en.i18n.json
@ -119,6 +119,7 @@
  "Hide_room" : "Hide room",
  "History" : "History",
  "hours" : "hours",
+  "Incorrect_Password" : "Incorrect Password",
  "inline_code" : "inline_code",
  "Invalid_confirm_pass" : "The password confirmation does not match password",
  "Invalid_email" : "The e-mail entered is invalid",
@ -213,6 +214,8 @@
  "Not_found_or_not_allowed" : "Not Found or Not Allowed",
  "Nothing_found" : "Nothing found",
  "Notify_all_in_this_room" : "Notify all in this room",
+  "Old_Password" : "Old Password",
+  "Old_and_new_password_required" : "You need to provide both old and new password for changing your password.",
  "Only_you_can_see_this_message" : "Only you can see this message",
  "Online" : "Online",
  "Oops!" : "Oops",
--- a/server/methods/saveUserProfile.coffee
+++ b/server/methods/saveUserProfile.coffee
@ -4,8 +4,8 @@ Meteor.methods
 			if settings.language?
 				RocketChat.models.Users.setLanguage Meteor.userId(), settings.language

-			if settings.password?
-				Accounts.setPassword Meteor.userId(), settings.password, { logout: false }
+			# if settings.password?
+			# 	Accounts.setPassword Meteor.userId(), settings.password, { logout: false }

 			if settings.username?
 				Meteor.call 'setUsername', settings.username
--- a/server/methods/setPassword.coffee
+++ b/server/methods/setPassword.coffee
@ -1,5 +0,0 @@
-Meteor.methods
-	setPassword: (password) ->
-		if Meteor.userId()
-			Accounts.setPassword Meteor.userId(), password, { logout: false }
-			return true