User password change dashboard

2013-09-16 14:50:56 +02:00
parent b6d00cca63
commit fdfb019ea7
8 changed files with 108 additions and 29 deletions
--- a/src/Umbraco.Web/Editors/UserController.cs
+++ b/src/Umbraco.Web/Editors/UserController.cs
@@ -12,6 +12,7 @@ using Umbraco.Web.Mvc;

 using legacyUser = umbraco.BusinessLogic.User;
 using System.Net.Http;
+using System.Collections.Specialized;


 namespace Umbraco.Web.Editors
@@ -43,16 +44,16 @@ namespace Umbraco.Web.Editors
        /// </summary>
        /// <param name="id"></param>
        /// <returns></returns>
-        public HttpResponseMessage PostChangePassword(string oldPassword, string newPassword)
-        {
+        public HttpResponseMessage PostChangePassword(UserPasswordChange data)
+        {   
+         
            var u = UmbracoContext.Security.CurrentUser;
-            if(!System.Web.Security.Membership.ValidateUser(u.Username, oldPassword))
-                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
-
-            u.Password = newPassword;
-            Services.UserService.SaveUser(u);
-
+            if (!UmbracoContext.Security.ValidateBackOfficeCredentials(u.Username, data.OldPassword))
+                return new HttpResponseMessage(HttpStatusCode.Forbidden);

+            if(!UmbracoContext.Security.ChangePassword(data.OldPassword, data.NewPassword))
+                return new HttpResponseMessage(HttpStatusCode.InternalServerError);
+            
            return new HttpResponseMessage(HttpStatusCode.OK);
        }

--- a/src/Umbraco.Web/Models/ContentEditing/UserPasswordChange.cs
+++ b/src/Umbraco.Web/Models/ContentEditing/UserPasswordChange.cs
@@ -0,0 +1,14 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Umbraco.Web.Models.ContentEditing
+{
+    public class UserPasswordChange
+    {
+        public string OldPassword { get; set; }
+        public string NewPassword { get; set; }
+    }
+}
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -181,6 +181,18 @@ namespace Umbraco.Web.Security
            return membershipProvider != null && membershipProvider.ValidateUser(username, password);
        }

+        /// <summary>
+        /// Changes password for a back office user
+        /// </summary>
+        /// <param name="username"></param>
+        /// <param name="password"></param>
+        /// <returns></returns>
+        internal bool ChangePassword(string oldpassword, string newpassword)
+        {
+            var membershipProvider = Membership.Providers[LegacyUmbracoSettings.DefaultBackofficeProvider];
+            return membershipProvider.GetUser(CurrentUser.Username, true).ChangePassword(oldpassword, newpassword);
+        }
+
        /// <summary>
        /// Validates the user node tree permissions.
        /// </summary>
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -317,6 +317,7 @@
    <Compile Include="Models\ContentEditing\PreValueFieldDisplay.cs" />
    <Compile Include="Models\ContentEditing\PreValueFieldSave.cs" />
    <Compile Include="Models\ContentEditing\PropertyEditorBasic.cs" />
+    <Compile Include="Models\ContentEditing\UserPasswordChange.cs" />
    <Compile Include="Models\Mapping\AvailablePropertyEditorsResolver.cs" />
    <Compile Include="Models\Mapping\DatabaseTypeResolver.cs" />
    <Compile Include="Models\Mapping\DataTypeModelMapper.cs" />
@@ -329,6 +330,7 @@
    <Compile Include="PropertyEditors\DateTimePropertyEditor.cs" />
    <Compile Include="PropertyEditors\DateTimeValidator.cs" />
    <Compile Include="PropertyEditors\DropDownMultiplePropertyEditor.cs" />
+    <Compile Include="PropertyEditors\FolderBrowserPropertyEditor.cs" />
    <Compile Include="PropertyEditors\IntegerPropertyEditor.cs" />
    <Compile Include="PropertyEditors\MediaPicker.cs" />
    <Compile Include="PropertyEditors\MultipleTextStringPropertyEditor.cs" />