Fix for #10401 to allow you to chaneg your own password if using user section & fixes notification errors to be displayed in the UI (#10422)

2021-06-15 12:57:14 +01:00
parent 0c3db013d5
commit 067395b0ff
1 changed files with 4 additions and 4 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UsersController.cs
@@ -680,15 +680,15 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers

            IUser currentUser = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser;

-            // if it's the current user, the current user cannot reset their own password
-            if (currentUser.Username == found.Username)
+            // if it's the current user, the current user cannot reset their own password without providing their old password
+            if (currentUser.Username == found.Username && string.IsNullOrEmpty(changingPasswordModel.OldPassword))
            {
-                return new ValidationErrorResult("Password reset is not allowed");
+                return ValidationErrorResult.CreateNotificationValidationErrorResult("Password reset is not allowed without providing old password");
            }

            if (!currentUser.IsAdmin() && found.IsAdmin())
            {
-                return new ValidationErrorResult("The current user cannot change the password for the specified user");
+                return ValidationErrorResult.CreateNotificationValidationErrorResult("The current user cannot change the password for the specified user");
            }

            Attempt<PasswordChangedModel> passwordChangeResult = await _passwordChanger.ChangePasswordWithIdentityAsync(changingPasswordModel, _userManager);