author | Gunnar Mills <gmills@us.ibm.com> | 2018-03-16 15:52:54 -0500 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-23 19:57:12 +0000 |
commit | 32581cf487e9df5f5fce9ecbcc9edcdd0565b444 (patch) | |
tree | 077b790d9f410938f8c5331f9f5ce0631c1b63c7 | |
parent | d50c76909b699aa5cdd2f5b48de3ebf4003eb9b0 (diff) | |
download | phosphor-webui-32581cf487e9df5f5fce9ecbcc9edcdd0565b444.tar.gz phosphor-webui-32581cf487e9df5f5fce9ecbcc9edcdd0565b444.zip |
Verify the old Password
Call a special login function that does not use the current
session and bypasses the interceptor, which would otherwise log out
the user on a bad old password.
This special login function, testPassword(), calls /login with
the old password, a success verifies the password is correct.
Tested: Changed the user password on a Witherspoon and
verified an incorrect old password does not change the password.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: I65f6a6aa6dbc5d849e962b6c24a09e3ac0f6cf58
-rw-r--r-- | app/common/services/api-utils.js | 25 | ||||
-rw-r--r-- | app/common/services/apiInterceptor.js | 19 | ||||
-rw-r--r-- | app/common/services/dataService.js | 2 | ||||
-rw-r--r-- | app/users/controllers/user-accounts-controller.js | 16 |
4 files changed, 47 insertions, 15 deletions
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js
index 73fe5a4..c8a7969 100644
--- a/app/common/services/api-utils.js
+++ b/app/common/services/api-utils.js
@@ -189,6 +189,31 @@ window.angular && (function (angular) {
 console.log(error);
 });
 },
+ testPassword: function(username, password){
+ // Calls /login without the current session to verify the given password is correct
+ // ignore the interceptor logout on a bad password
+ DataService.ignoreHttpError = true;
+ var deferred = $q.defer();
+ $http({
+ method: 'POST',
+ url: DataService.getHost() + "/login",
+ headers: {
+ 'Accept': 'application/json',
+ 'Content-Type': 'application/json'
+ },
+ withCredentials: false,
+ data: JSON.stringify({"data": [username, password]})
+ }).then(function(response){
+ var json = JSON.stringify(response.data);
+ var content = JSON.parse(json);
+ DataService.ignoreHttpError = false;
+ deferred.resolve(content.data);
+ }, function(error){
+ DataService.ignoreHttpError = false;
+ deferred.reject(error);
+ });
+ return deferred.promise;
+ },
 logout: function(callback){
 $http({
 method: 'POST',
diff --git a/app/common/services/apiInterceptor.js b/app/common/services/apiInterceptor.js
index 8bbb6f4..304d723 100644
--- a/app/common/services/apiInterceptor.js
+++ b/app/common/services/apiInterceptor.js
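Review bot: In `testPassword` (api-utils.js), `DataService.ignoreHttpError` is a flag on the shared DataService, so while the /login probe is in flight every other failing request also skips the interceptor's 401 logout and `server_unreachable` handling. Scoping the opt-out to this one request avoids that: pass a custom property in the `$http` config, e.g. `ignoreHttpError: true`, and have the interceptor test `rejection.config && rejection.config.ignoreHttpError` instead of the global. The `$q.defer()` wrapper and the `JSON.stringify`/`JSON.parse` round trip on `response.data` are also unnecessary; returning the `$http(...).then(...)` promise directly would do. Whether a successful probe leaves a second server-side session that is never logged out cannot be determined from this hunk and deserves a comment.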
@@ -43,16 +43,19 @@ window.angular && (function (angular) {
 return response;
 },
 'responseError': function(rejection){
- // If unauthorized, log out
- if (rejection.status == 401){
- if (dataService.path != '/login'){
- $rootScope.$emit('timedout-user', {});
+ if (dataService.ignoreHttpError === false)
+ {
+ // If unauthorized, log out
+ if (rejection.status == 401){
+ if (dataService.path != '/login'){
+ $rootScope.$emit('timedout-user', {});
+ }
+ } else if (rejection.status == -1){
+ dataService.server_unreachable = true;
 }
- } else if (rejection.status == -1){
- dataService.server_unreachable = true;
- }
- dataService.loading = false;
+ dataService.loading = false;
+ }
 return $q.reject(rejection);
 }
 };
diff --git a/app/common/services/dataService.js b/app/common/services/dataService.js
index 0553bf6..2672c0e 100644
--- a/app/common/services/dataService.js
+++ b/app/common/services/dataService.js
@@ -33,7 +33,7 @@ window.angular && (function (angular) {
 this.hostname = "";
 this.mac_address = "";
 this.remote_window_active = false;
-
+ this.ignoreHttpError = false;
 this.getServerId = function(){
 return this.host.replace(/^https?\:\/\//ig,"");
 }
diff --git a/app/users/controllers/user-accounts-controller.js b/app/users/controllers/user-accounts-controller.js
index 8847f35..355ca37 100644
--- a/app/users/controllers/user-accounts-controller.js
+++ b/app/users/controllers/user-accounts-controller.js
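Review bot: In `responseError` (apiInterceptor.js), `dataService.loading = false;` now sits inside the `ignoreHttpError === false` guard, so a rejected request made while the flag is set leaves the loading state untouched. If loading is set when a request starts (not visible in this hunk), a wrong old password would leave it stuck; keeping `dataService.loading = false;` outside the guard, just before `return $q.reject(rejection);`, preserves the previous behaviour. The guard also skips the `rejection.status == -1` branch, so an unreachable server during the password probe is not recorded in `server_unreachable`.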
@@ -32,13 +32,17 @@ window.angular && (function (angular) {
 // TODO: Display error
 return false;
 }
- // TODO: Verify the oldPassword is correct
- APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
- // Clear the textboxes on a success
- $scope.passwordVerify = '';
- $scope.password = '';
- $scope.oldPassword = '';
+ // Verify the oldPassword is correct
+ APIUtils.testPassword($scope.dataService.getUser(), oldPassword).then(function(state){
+ APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
+ // Clear the textboxes on a success
+ $scope.passwordVerify = '';
+ $scope.password = '';
+ $scope.oldPassword = '';
+ }, function(error){
+ // TODO: Display error
+ });
 }, function(error){
 // TODO: Display error
 }); |
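Review bot: The old-password check added in user-accounts-controller.js runs only in the browser: `changePassword` is still called with just the user name and `newPassword`, so as far as this hunk shows the server never receives the old password and any client holding a valid session can reach the change operation without it. It should be treated as a usability guard, with enforcement in the backend password-change operation; a comment above the `testPassword` call such as `// UI-side check only; the server must still enforce old-password verification` would keep it from being read as a security control. Both rejection handlers remain `// TODO: Display error`, so a wrong old password fails silently for the user. The calls could also be chained with `return APIUtils.changePassword(...)` inside the first `then` so a single rejection handler covers both. The enclosing function starts and ends outside the hunk.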