User password change dashboard

2013-09-16 14:50:56 +02:00
parent b6d00cca63
commit fdfb019ea7
8 changed files with 108 additions and 29 deletions
--- a/src/Umbraco.Web.UI.Client/src/common/resources/user.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/user.resource.js
@@ -68,6 +68,36 @@ function userResource($q, $http, umbRequestHelper) {
                       "userApiBaseUrl",
                       "GetAll")),
               'Failed to retreive all users');
+        },
+
+        /**
+         * @ngdoc method
+         * @name umbraco.resources.userResource#changePassword
+         * @methodOf umbraco.resources.userResource
+         *
+         * @description
+         * Changes the current users password
+         *
+         * ##usage
+         * <pre>
+         * contentResource.getAll()
+         *    .then(function(userArray) {
+         *        var myUsers = userArray; 
+         *        alert('they are here!');
+         *    });
+         * </pre> 
+         * 
+         * @returns {Promise} resourcePromise object containing the user array.
+         *
+         */
+        changePassword: function (oldPassword, newPassword) {
+            return umbRequestHelper.resourcePromise(
+               $http.post(
+                   umbRequestHelper.getApiUrl(
+                       "userApiBaseUrl",
+                       "PostChangePassword"),
+                       { oldPassword: oldPassword, newPassword: newPassword }),
+               'Failed to change password');
        }
    };
 }
--- a/src/Umbraco.Web.UI.Client/src/common/services/user.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/user.service.js
@@ -72,7 +72,6 @@ angular.module('umbraco.services')
        },

        logout: function () {
-            
            return authResource.performLogout()
                .then(function (data) {                   
                    currentUser = null;
--- a/src/Umbraco.Web.UI.Client/src/views/dashboard/ChangePassword.html
+++ b/src/Umbraco.Web.UI.Client/src/views/dashboard/ChangePassword.html
@@ -1,28 +1,49 @@
 <form name="passwordForm" ng-controller="Umbraco.Dashboard.StartupChangePasswordController">
+	<h3>Change password</h3>
+	<p>Enter your current password, then repeat your new password to change it</p>
+	
 	<umb-pane>
 		<umb-control-group label="Old password">
-			<input type="text" name="oldpass" ng-model="profile.oldPassword" required/>
+			<input type="password" name="oldpass" ng-model="profile.oldPassword" required/>
+
+			<small class="help-inline" 
+					ng-show="passwordForm.oldpass.$error.required">
+					Required
+			</small>
+
+			<small class="help-inline" 
+				ng-show="passwordForm.passcompare.$error.serverside">
+				Old password was not correct
+			</small>
 		</umb-control-group>

 		<umb-control-group label="New password">
-			<input type="text" name="pass" ng-model="profile.newPassword" required/>
+			<input type="password" name="pass" ng-model="profile.newPassword" required/>
+
+			<span class="help-inline" val-msg-for="pass" val-toggle-msg="required">Required</span>
 		</umb-control-group>

 		<umb-control-group label="Repeat new password">
-				<input type="text" name="passcompare" 
-					   val-custom="{compare: '$value === profile.newPassword'}" 
+				<input type="password" name="passcompare" 
+					   val-custom="{compare: '$value === profile.newPassword'}"
+					   val-custom-watch="'profile.newPassword'" 
 					   ng-model="profile.repeatNewPassword" required/>
+
+				<small class="help-inline" 
+					ng-show="passwordForm.passcompare.$error.required">
+					Required
+				</small>
+
+				<small class="help-inline" 
+					ng-show="passwordForm.passcompare.$error.compare">
+					You must re-enter the new password
+				</small>
+
 		</umb-control-group>

 		<umb-control-group hideLabel="1">
 			<button class="btn btn-primary"  
-					ng-disabled="!passwordForm.$valid" 
 					ng-click="changePassword(profile)">Change</button>
 		</umb-control-group>			
 	</umb-pane>
-
-	{{profile | json}} ---
-	{{passwordForm.$error | json}}
-
-	{{passwordForm | json}}
 </form>
--- a/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
@@ -1,6 +1,4 @@
 function startUpVideosDashboardController($scope, xmlhelper, $log, $http) {
-
-
 	//xmlHelper.parseFeed("http://umbraco.org/feeds/videos/getting-started").then(function(feed){
 		
 	//});
@@ -18,17 +16,19 @@ function startUpVideosDashboardController($scope, xmlhelper, $log, $http) {
 }
 angular.module("umbraco").controller("Umbraco.Dashboard.StartupVideosController", startUpVideosDashboardController);

-function ChangePasswordDashboardController($scope, xmlhelper, $log, userService) {
+function ChangePasswordDashboardController($scope, xmlhelper, $log, userResource) {
    //this is the model we will pass to the service
    $scope.profile = {};
-    $scope.changePassword = function (p) {
-        userService.changePassword(p.oldPassword, p.newPassword).then(function () {
-            //changed
-        }, function () {
-            //this only happens if there is a wrong oldPassword sent along
-            $scope.passwordForm.oldPass.$setValidity("oldPassword", false);
-        });

+    $scope.changePassword = function (p) {   
+        userResource.changePassword(p.oldPassword, p.newPassword).then(function () {
+            alert("changed");
+            $scope.passwordForm.$setValidity(true);
+        }, function () {
+          alert("not changed");
+            //this only happens if there is a wrong oldPassword sent along
+            $scope.passwordForm.oldpass.$setValidity("oldPassword", false);
+        });
    }
 }

--- a/src/Umbraco.Web/Editors/UserController.cs
+++ b/src/Umbraco.Web/Editors/UserController.cs
@@ -12,6 +12,7 @@ using Umbraco.Web.Mvc;

 using legacyUser = umbraco.BusinessLogic.User;
 using System.Net.Http;
+using System.Collections.Specialized;


 namespace Umbraco.Web.Editors
@@ -43,16 +44,16 @@ namespace Umbraco.Web.Editors
        /// </summary>
        /// <param name="id"></param>
        /// <returns></returns>
-        public HttpResponseMessage PostChangePassword(string oldPassword, string newPassword)
-        {
+        public HttpResponseMessage PostChangePassword(UserPasswordChange data)
+        {   
+         
            var u = UmbracoContext.Security.CurrentUser;
-            if(!System.Web.Security.Membership.ValidateUser(u.Username, oldPassword))
-                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
-
-            u.Password = newPassword;
-            Services.UserService.SaveUser(u);
-
+            if (!UmbracoContext.Security.ValidateBackOfficeCredentials(u.Username, data.OldPassword))
+                return new HttpResponseMessage(HttpStatusCode.Forbidden);

+            if(!UmbracoContext.Security.ChangePassword(data.OldPassword, data.NewPassword))
+                return new HttpResponseMessage(HttpStatusCode.InternalServerError);
+            
            return new HttpResponseMessage(HttpStatusCode.OK);
        }

--- a/src/Umbraco.Web/Models/ContentEditing/UserPasswordChange.cs
+++ b/src/Umbraco.Web/Models/ContentEditing/UserPasswordChange.cs
@@ -0,0 +1,14 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Umbraco.Web.Models.ContentEditing
+{
+    public class UserPasswordChange
+    {
+        public string OldPassword { get; set; }
+        public string NewPassword { get; set; }
+    }
+}
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -181,6 +181,18 @@ namespace Umbraco.Web.Security
            return membershipProvider != null && membershipProvider.ValidateUser(username, password);
        }

+        /// <summary>
+        /// Changes password for a back office user
+        /// </summary>
+        /// <param name="username"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        internal bool ChangePassword(string oldpassword, string newpassword)
+        {
+            var membershipProvider = Membership.Providers[LegacyUmbracoSettings.DefaultBackofficeProvider];
+            return membershipProvider.GetUser(CurrentUser.Username, true).ChangePassword(oldpassword, newpassword);
+        }
+
        /// <summary>
        /// Validates the user node tree permissions.
        /// </summary>
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -317,6 +317,7 @@
    <Compile Include="Models\ContentEditing\PreValueFieldDisplay.cs" />
    <Compile Include="Models\ContentEditing\PreValueFieldSave.cs" />
    <Compile Include="Models\ContentEditing\PropertyEditorBasic.cs" />
+    <Compile Include="Models\ContentEditing\UserPasswordChange.cs" />
    <Compile Include="Models\Mapping\AvailablePropertyEditorsResolver.cs" />
    <Compile Include="Models\Mapping\DatabaseTypeResolver.cs" />
    <Compile Include="Models\Mapping\DataTypeModelMapper.cs" />
@@ -329,6 +330,7 @@
    <Compile Include="PropertyEditors\DateTimePropertyEditor.cs" />
    <Compile Include="PropertyEditors\DateTimeValidator.cs" />
    <Compile Include="PropertyEditors\DropDownMultiplePropertyEditor.cs" />
+    <Compile Include="PropertyEditors\FolderBrowserPropertyEditor.cs" />
    <Compile Include="PropertyEditors\IntegerPropertyEditor.cs" />
    <Compile Include="PropertyEditors\MediaPicker.cs" />
    <Compile Include="PropertyEditors\MultipleTextStringPropertyEditor.cs" />