Merge pull request #1634 from nextcloud/fix-password-policy-hint
Properly catch password policy hint for personal page password changes
commit
4873f0800b
|
@ -91,6 +91,7 @@ class ChangePasswordController extends Controller {
|
|||
* @return JSONResponse
|
||||
*/
|
||||
public function changePersonalPassword($oldpassword = '', $newpassword = null) {
|
||||
/** @var IUser $user */
|
||||
$user = $this->userManager->checkPassword($this->userId, $oldpassword);
|
||||
if ($user === false) {
|
||||
return new JSONResponse([
|
||||
|
@ -101,10 +102,19 @@ class ChangePasswordController extends Controller {
|
|||
]);
|
||||
}
|
||||
|
||||
/** @var IUser $user */
|
||||
if ($newpassword === null || $user->setPassword($newpassword) === false) {
|
||||
try {
|
||||
if ($newpassword === null || $user->setPassword($newpassword) === false) {
|
||||
return new JSONResponse([
|
||||
'status' => 'error'
|
||||
]);
|
||||
}
|
||||
// password policy app throws exception
|
||||
} catch(HintException $e) {
|
||||
return new JSONResponse([
|
||||
'status' => 'error'
|
||||
'status' => 'error',
|
||||
'data' => [
|
||||
'message' => $e->getHint(),
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -216,7 +226,17 @@ class ChangePasswordController extends Controller {
|
|||
]
|
||||
]);
|
||||
} else { // now we know that everything is fine regarding the recovery password, let's try to change the password
|
||||
$result = $targetUser->setPassword($password, $recoveryPassword);
|
||||
try {
|
||||
$result = $targetUser->setPassword($password, $recoveryPassword);
|
||||
// password policy app throws exception
|
||||
} catch(HintException $e) {
|
||||
return new JSONResponse([
|
||||
'status' => 'error',
|
||||
'data' => [
|
||||
'message' => $e->getHint(),
|
||||
],
|
||||
]);
|
||||
}
|
||||
if (!$result && $recoveryEnabledForUser) {
|
||||
return new JSONResponse([
|
||||
'status' => 'error',
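Review bot: The `/** @var IUser $user */` annotation in `changePersonalPassword` now sits directly above the `checkPassword()` assignment, yet the next line tests `$user === false`, so the declared type hides the failure value. That branch is the wrong-old-password path, and a static analyser that trusts the annotation may flag it as unreachable; `/** @var IUser|false $user */` would keep the check visibly meaningful. Separately, the two `catch(HintException $e)` blocks (the second and third hunks) build the same `'status' => 'error'` / `'data' => ['message' => $e->getHint()]` response and could share one private helper. Both method bodies continue outside the hunks shown.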
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
*/
|
||||
namespace Tests\Core\Controller;
|
||||
|
||||
use OC\HintException;
|
||||
use OC\Settings\Controller\ChangePasswordController;
|
||||
use OC\User\Session;
|
||||
use OCP\App\IAppManager;
|
||||
|
@ -94,6 +95,30 @@ class ChangePasswordControllerTest extends \Test\TestCase {
|
|||
$this->assertEquals($expects, $res->getData());
|
||||
}
|
||||
|
||||
public function testChangePersonalPasswordCommonPassword() {
|
||||
$user = $this->getMockBuilder('OCP\IUser')->getMock();
|
||||
$this->userManager->expects($this->once())
|
||||
->method('checkPassword')
|
||||
->with($this->userId, 'old')
|
||||
->willReturn($user);
|
||||
|
||||
$user->expects($this->once())
|
||||
->method('setPassword')
|
||||
->with('new')
|
||||
->will($this->throwException(new HintException('Common password')));
|
||||
|
||||
$expects = [
|
||||
'status' => 'error',
|
||||
'data' => [
|
||||
'message' => 'Common password',
|
||||
],
|
||||
];
|
||||
|
||||
$res = $this->controller->changePersonalPassword('old', 'new');
|
||||
|
||||
$this->assertEquals($expects, $res->getData());
|
||||
}
|
||||
|
||||
public function testChangePersonalPasswordNoNewPassword() {
|
||||
$user = $this->getMockBuilder('OCP\IUser')->getMock();
|
||||
$this->userManager->expects($this->once())
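Review bot: `testChangePersonalPasswordCommonPassword` builds the exception as `new HintException('Common password')` and expects that same string back, so it cannot tell `$e->getHint()` apart from `$e->getMessage()`. Passing a distinct second argument, e.g. `new HintException('internal message', 'Common password')`, and keeping the expected `'message' => 'Common password'` would pin that only the user-facing hint reaches the response. The same catch added around `$targetUser->setPassword($password, $recoveryPassword)` in the admin path has no matching test in the part of this file that is visible here.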
|
||||
|
|