From 32581cf487e9df5f5fce9ecbcc9edcdd0565b444 Mon Sep 17 00:00:00 2001 From: Gunnar Mills Date: Fri, 16 Mar 2018 15:52:54 -0500 Subject: Verify the old Password Call a special login function, that does not use the current session and ignores the intercept which would log out the user on a bad old password. This special login function, testPassword(), calls /login with the old password, a success verifies the password is correct. Tested: Changed the user password on a Witherspoon and verified an incorrect old password does not change the password. Signed-off-by: Gunnar Mills Change-Id: I65f6a6aa6dbc5d849e962b6c24a09e3ac0f6cf58 --- app/common/services/api-utils.js | 25 +++++++++++++++++++++++ app/common/services/apiInterceptor.js | 19 +++++++++-------- app/common/services/dataService.js | 2 +- app/users/controllers/user-accounts-controller.js | 16 +++++++++------ 4 files changed, 47 insertions(+), 15 deletions(-) diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js index 73fe5a4..c8a7969 100644 --- a/app/common/services/api-utils.js +++ b/app/common/services/api-utils.js @@ -189,6 +189,31 @@ window.angular && (function (angular) { console.log(error); }); }, + testPassword: function(username, password){ + // Calls /login without the current session to verify the given password is correct + // ignore the interceptor logout on a bad password + DataService.ignoreHttpError = true; + var deferred = $q.defer(); + $http({ + method: 'POST', + url: DataService.getHost() + "/login", + headers: { + 'Accept': 'application/json', + 'Content-Type': 'application/json' + }, + withCredentials: false, + data: JSON.stringify({"data": [username, password]}) + }).then(function(response){ + var json = JSON.stringify(response.data); + var content = JSON.parse(json); + DataService.ignoreHttpError = false; + deferred.resolve(content.data); + }, function(error){ + DataService.ignoreHttpError = false; + deferred.reject(error); + }); + return deferred.promise; + }, logout: function(callback){ $http({ method: 'POST', diff --git a/app/common/services/apiInterceptor.js b/app/common/services/apiInterceptor.js index 8bbb6f4..304d723 100644 --- a/app/common/services/apiInterceptor.js +++ b/app/common/services/apiInterceptor.js @@ -43,16 +43,19 @@ window.angular && (function (angular) { return response; }, 'responseError': function(rejection){ - // If unauthorized, log out - if (rejection.status == 401){ - if (dataService.path != '/login'){ - $rootScope.$emit('timedout-user', {}); + if (dataService.ignoreHttpError === false) + { + // If unauthorized, log out + if (rejection.status == 401){ + if (dataService.path != '/login'){ + $rootScope.$emit('timedout-user', {}); + } + } else if (rejection.status == -1){ + dataService.server_unreachable = true; } - } else if (rejection.status == -1){ - dataService.server_unreachable = true; - } - dataService.loading = false; + dataService.loading = false; + } return $q.reject(rejection); } }; diff --git a/app/common/services/dataService.js b/app/common/services/dataService.js index 0553bf6..2672c0e 100644 --- a/app/common/services/dataService.js +++ b/app/common/services/dataService.js @@ -33,7 +33,7 @@ window.angular && (function (angular) { this.hostname = ""; this.mac_address = ""; this.remote_window_active = false; - + this.ignoreHttpError = false; this.getServerId = function(){ return this.host.replace(/^https?\:\/\//ig,""); } diff --git a/app/users/controllers/user-accounts-controller.js b/app/users/controllers/user-accounts-controller.js index 8847f35..355ca37 100644 --- a/app/users/controllers/user-accounts-controller.js +++ b/app/users/controllers/user-accounts-controller.js @@ -32,13 +32,17 @@ window.angular && (function (angular) { // TODO: Display error return false; } - // TODO: Verify the oldPassword is correct - APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){ - // Clear the textboxes on a success - $scope.passwordVerify = ''; - $scope.password = ''; - $scope.oldPassword = ''; + // Verify the oldPassword is correct + APIUtils.testPassword($scope.dataService.getUser(), oldPassword).then(function(state){ + APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){ + // Clear the textboxes on a success + $scope.passwordVerify = ''; + $scope.password = ''; + $scope.oldPassword = ''; + }, function(error){ + // TODO: Display error + }); }, function(error){ // TODO: Display error }); -- cgit v1.2.1