authorGunnar Mills <gmills@us.ibm.com>2018-03-16 15:52:54 -0500
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-03-23 19:57:12 +0000
commit32581cf487e9df5f5fce9ecbcc9edcdd0565b444 (patch)
tree077b790d9f410938f8c5331f9f5ce0631c1b63c7
parentd50c76909b699aa5cdd2f5b48de3ebf4003eb9b0 (diff)
Verify the old Password
Call a special login function that does not use the current session and ignores the intercept which would log out the user on a bad old password. This special login function, testPassword(), calls /login with the old password; a success verifies that the password is correct. Tested: Changed the user password on a Witherspoon and verified an incorrect old password does not change the password. Signed-off-by: Gunnar Mills <gmills@us.ibm.com> Change-Id: I65f6a6aa6dbc5d849e962b6c24a09e3ac0f6cf58
-rw-r--r--app/common/services/api-utils.js25
-rw-r--r--app/common/services/apiInterceptor.js19
-rw-r--r--app/common/services/dataService.js2
-rw-r--r--app/users/controllers/user-accounts-controller.js16
4 files changed, 47 insertions, 15 deletions
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js
index 73fe5a4..c8a7969 100644
--- a/app/common/services/api-utils.js
+++ b/app/common/services/api-utils.js
@@ -189,6 +189,31 @@ window.angular && (function (angular) {
console.log(error);
});
},
+ testPassword: function(username, password){
+ // Calls /login without the current session to verify the given password is correct
+ // ignore the interceptor logout on a bad password
+ DataService.ignoreHttpError = true;
+ var deferred = $q.defer();
+ $http({
+ method: 'POST',
+ url: DataService.getHost() + "/login",
+ headers: {
+ 'Accept': 'application/json',
+ 'Content-Type': 'application/json'
+ },
+ withCredentials: false,
+ data: JSON.stringify({"data": [username, password]})
+ }).then(function(response){
+ var json = JSON.stringify(response.data);
+ var content = JSON.parse(json);
+ DataService.ignoreHttpError = false;
+ deferred.resolve(content.data);
+ }, function(error){
+ DataService.ignoreHttpError = false;
+ deferred.reject(error);
+ });
+ return deferred.promise;
+ },
logout: function(callback){
$http({
method: 'POST',
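Review bot: `DataService.ignoreHttpError` in `testPassword` is a flag on the shared service, so while this one `/login` probe is in flight the interceptor also skips its 401 and unreachable-server handling for every other request the page makes, and two overlapping calls can reset the flag early. Scoping the opt-out to the request avoids that: add `ignoreHttpError: true` to this `$http` config object and have the interceptor test `rejection.config && rejection.config.ignoreHttpError` instead of the global. A successful probe is also a real login, so any session the server creates for it is never closed here; whether it issues one for this request is not visible in the hunk and is worth confirming. The `JSON.stringify`/`JSON.parse` round trip and the extra `$q.defer()` add nothing over returning the `$http` promise directly.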
diff --git a/app/common/services/apiInterceptor.js b/app/common/services/apiInterceptor.js
index 8bbb6f4..304d723 100644
--- a/app/common/services/apiInterceptor.js
+++ b/app/common/services/apiInterceptor.js
@@ -43,16 +43,19 @@ window.angular && (function (angular) {
return response;
},
'responseError': function(rejection){
- // If unauthorized, log out
- if (rejection.status == 401){
- if (dataService.path != '/login'){
- $rootScope.$emit('timedout-user', {});
+ if (dataService.ignoreHttpError === false)
+ {
+ // If unauthorized, log out
+ if (rejection.status == 401){
+ if (dataService.path != '/login'){
+ $rootScope.$emit('timedout-user', {});
+ }
+ } else if (rejection.status == -1){
+ dataService.server_unreachable = true;
}
- } else if (rejection.status == -1){
- dataService.server_unreachable = true;
- }
- dataService.loading = false;
+ dataService.loading = false;
+ }
return $q.reject(rejection);
}
};
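Review bot: `dataService.loading = false` now sits inside the `ignoreHttpError === false` guard in `responseError`, so a request rejected while the flag is set leaves `loading` untouched. If the request side of this interceptor sets `loading = true` (not visible in this hunk), a wrong old password would leave the loading indicator on. Keeping `dataService.loading = false;` after the guard's closing brace, just before `return $q.reject(rejection);`, preserves the previous behaviour for every rejection. The interceptor object that holds `responseError` begins outside the hunk.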
diff --git a/app/common/services/dataService.js b/app/common/services/dataService.js
index 0553bf6..2672c0e 100644
--- a/app/common/services/dataService.js
+++ b/app/common/services/dataService.js
@@ -33,7 +33,7 @@ window.angular && (function (angular) {
this.hostname = "";
this.mac_address = "";
this.remote_window_active = false;
-
+ this.ignoreHttpError = false;
this.getServerId = function(){
return this.host.replace(/^https?\:\/\//ig,"");
}
diff --git a/app/users/controllers/user-accounts-controller.js b/app/users/controllers/user-accounts-controller.js
index 8847f35..355ca37 100644
--- a/app/users/controllers/user-accounts-controller.js
+++ b/app/users/controllers/user-accounts-controller.js
@@ -32,13 +32,17 @@ window.angular && (function (angular) {
// TODO: Display error
return false;
}
- // TODO: Verify the oldPassword is correct
- APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
- // Clear the textboxes on a success
- $scope.passwordVerify = '';
- $scope.password = '';
- $scope.oldPassword = '';
+ // Verify the oldPassword is correct
+ APIUtils.testPassword($scope.dataService.getUser(), oldPassword).then(function(state){
+ APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
+ // Clear the textboxes on a success
+ $scope.passwordVerify = '';
+ $scope.password = '';
+ $scope.oldPassword = '';
+ }, function(error){
+ // TODO: Display error
+ });
}, function(error){
// TODO: Display error
});
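Review bot: The old-password check runs only in this controller, as a separate `testPassword` request ahead of `changePassword`, so nothing visible here makes the server require the old password; a client that calls the change-password endpoint directly with a valid session skips the check. If the backend can take the current password together with the new one, enforcing it there is what protects an unattended or hijacked session; that cannot be decided from this hunk. The `state` value from `testPassword` is never inspected, so the change proceeds on any resolved response. Both rejection handlers are still `// TODO: Display error`, which leaves the user with no indication that the old password was wrong. The enclosing function starts and ends outside the hunk.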