From 067395b0ff3715a0a2c3fcba8b101c4d48077ebf Mon Sep 17 00:00:00 2001 From: Warren Buckley Date: Tue, 15 Jun 2021 12:57:14 +0100 Subject: [PATCH] Fix for #10401 to allow you to chaneg your own password if using user section & fixes notification errors to be displayed in the UI (#10422) --- src/Umbraco.Web.BackOffice/Controllers/UsersController.cs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs b/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs index cdd00913e7..19def88456 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs @@ -680,15 +680,15 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers IUser currentUser = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser; - // if it's the current user, the current user cannot reset their own password - if (currentUser.Username == found.Username) + // if it's the current user, the current user cannot reset their own password without providing their old password + if (currentUser.Username == found.Username && string.IsNullOrEmpty(changingPasswordModel.OldPassword)) { - return new ValidationErrorResult("Password reset is not allowed"); + return ValidationErrorResult.CreateNotificationValidationErrorResult("Password reset is not allowed without providing old password"); } if (!currentUser.IsAdmin() && found.IsAdmin()) { - return new ValidationErrorResult("The current user cannot change the password for the specified user"); + return ValidationErrorResult.CreateNotificationValidationErrorResult("The current user cannot change the password for the specified user"); } Attempt passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _userManager);