diff options
author | Gunnar Mills <gmills@us.ibm.com> | 2018-03-16 15:52:54 -0500 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-23 19:57:12 +0000 |
commit | 32581cf487e9df5f5fce9ecbcc9edcdd0565b444 (patch) | |
tree | 077b790d9f410938f8c5331f9f5ce0631c1b63c7 /app/common/services | |
parent | d50c76909b699aa5cdd2f5b48de3ebf4003eb9b0 (diff) | |
download | phosphor-webui-32581cf487e9df5f5fce9ecbcc9edcdd0565b444.tar.gz phosphor-webui-32581cf487e9df5f5fce9ecbcc9edcdd0565b444.zip |
Verify the old Password
Call a special login function, that does not use the current
session and ignores the intercept which would log out the
user on a bad old password.
This special login function, testPassword(), calls /login with
the old password, a success verifies the password is correct.
Tested: Changed the user password on a Witherspoon and
verified an incorrect old password does not change the password.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: I65f6a6aa6dbc5d849e962b6c24a09e3ac0f6cf58
Diffstat (limited to 'app/common/services')
-rw-r--r-- | app/common/services/api-utils.js | 25 | ||||
-rw-r--r-- | app/common/services/apiInterceptor.js | 19 | ||||
-rw-r--r-- | app/common/services/dataService.js | 2 |
3 files changed, 37 insertions, 9 deletions
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js index 73fe5a4..c8a7969 100644 --- a/app/common/services/api-utils.js +++ b/app/common/services/api-utils.js @@ -189,6 +189,31 @@ window.angular && (function (angular) { console.log(error); }); }, + testPassword: function(username, password){ + // Calls /login without the current session to verify the given password is correct + // ignore the interceptor logout on a bad password + DataService.ignoreHttpError = true; + var deferred = $q.defer(); + $http({ + method: 'POST', + url: DataService.getHost() + "/login", + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json' + }, + withCredentials: false, + data: JSON.stringify({"data": [username, password]}) + }).then(function(response){ + var json = JSON.stringify(response.data); + var content = JSON.parse(json); + DataService.ignoreHttpError = false; + deferred.resolve(content.data); + }, function(error){ + DataService.ignoreHttpError = false; + deferred.reject(error); + }); + return deferred.promise; + }, logout: function(callback){ $http({ method: 'POST', diff --git a/app/common/services/apiInterceptor.js b/app/common/services/apiInterceptor.js index 8bbb6f4..304d723 100644 --- a/app/common/services/apiInterceptor.js +++ b/app/common/services/apiInterceptor.js @@ -43,16 +43,19 @@ window.angular && (function (angular) { return response; }, 'responseError': function(rejection){ - // If unauthorized, log out - if (rejection.status == 401){ - if (dataService.path != '/login'){ - $rootScope.$emit('timedout-user', {}); + if (dataService.ignoreHttpError === false) + { + // If unauthorized, log out + if (rejection.status == 401){ + if (dataService.path != '/login'){ + $rootScope.$emit('timedout-user', {}); + } + } else if (rejection.status == -1){ + dataService.server_unreachable = true; } - } else if (rejection.status == -1){ - dataService.server_unreachable = true; - } - dataService.loading = false; + dataService.loading = false; + } return $q.reject(rejection); } }; diff --git a/app/common/services/dataService.js b/app/common/services/dataService.js index 0553bf6..2672c0e 100644 --- a/app/common/services/dataService.js +++ b/app/common/services/dataService.js @@ -33,7 +33,7 @@ window.angular && (function (angular) { this.hostname = ""; this.mac_address = ""; this.remote_window_active = false; - + this.ignoreHttpError = false; this.getServerId = function(){ return this.host.replace(/^https?\:\/\//ig,""); } |