Commit 8ad4343d authored by Robert Lyon

Bug 1422492: Make user enter current password if changing their username

As the change username option only appears on account index page for
those users that have an auth method allowing it we should make the
user also supply their current password when changing username

We hide the confirm password box for username change until they try to
change it

behatnotneeded

Change-Id: Ic05d3c258d331305ae5c07b952ea2a561a8badf1
Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
parent 2991b5ad
......@@ -79,6 +79,12 @@ if ($authobj->authname == 'internal') {
'title' => get_string('changeusername', 'account'),
'description' => get_string('changeusernamedesc', 'account', hsc(get_config('sitename'))),
);
$elements['oldpasswordchangeuser'] = array(
'type' => 'password',
'title' => get_string('oldpassword'),
'help' => false,
'autocomplete' => 'off',
);
}
if (get_config('cleanurls') && get_config('cleanurlusereditable')) {
......@@ -145,7 +151,6 @@ function accountprefs_validate(Pieform $form, $values) {
if (isset($values['oldpassword'])) {
if ($values['oldpassword'] !== '') {
global $USER, $authtype, $authclass;
try {
if (!$authobj->authenticate_user_account($USER, $values['oldpassword'])) {
$form->set_error('oldpassword', get_string('oldpasswordincorrect', 'account'));
......@@ -154,7 +159,7 @@ function accountprefs_validate(Pieform $form, $values) {
}
// propagate error correctly for User validation issues - this should
// be catching AuthUnknownUserException and AuthInstanceException
catch (UserException $e) {
catch (UserException $e) {
$form->set_error('oldpassword', $e->getMessage());
return;
}
......@@ -165,6 +170,31 @@ function accountprefs_validate(Pieform $form, $values) {
}
}
if (isset($values['username']) && $values['username'] != $USER->get('username')) {
if (isset($values['oldpasswordchangeuser'])) {
if ($values['oldpasswordchangeuser'] !== '') {
try {
if (!$authobj->authenticate_user_account($USER, $values['oldpasswordchangeuser'])) {
$form->set_error('oldpasswordchangeuser', get_string('oldpasswordincorrect', 'account'));
return;
}
}
// propagate error correctly for User validation issues - this should
// be catching AuthUnknownUserException and AuthInstanceException
catch (UserException $e) {
$form->set_error('oldpasswordchangeuser', $e->getMessage());
return;
}
}
else {
$form->set_error('oldpasswordchangeuser', get_string('mustspecifycurrentpassword'));
}
}
else {
$form->set_error('oldpasswordchangeuser', get_string('mustspecifycurrentpassword'));
}
}
if ($authobj->authname == 'internal' && $values['username'] != $USER->get('username')) {
if (!AuthInternal::is_username_valid($values['username'])) {
$form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
......@@ -194,7 +224,6 @@ function accountprefs_submit(Pieform $form, $values) {
db_begin();
$ispasswordchanged = false;
if (isset($values['password1']) && $values['password1'] !== '') {
global $authclass;
$password = $authobj->change_password($USER, $values['password1']);
$USER->password = $password;
$USER->passwordchange = 0;
......@@ -305,6 +334,13 @@ var clearPasswords = (function($) {
}
}
}(jQuery))
$(function() {
$('#accountprefs_oldpasswordchangeuser_container').hide();
$('#accountprefs_username').on('change', function() {
$('#accountprefs_oldpasswordchangeuser_container').show();
});
});
EOF;
$request = get_record('usr_pendingdeletion', 'usr', $USER->id);
......
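Review bot: In the new `oldpasswordchangeuser` check inside accountprefs_validate, the two `else` arms that report a missing password do not `return`, while the wrong-password and exception arms do, and the nesting repeats the `oldpassword` verification just above it. A single guard before the `try` would read more plainly and make the control flow uniform: `if (!isset($values['oldpasswordchangeuser']) || $values['oldpasswordchangeuser'] === '') { $form->set_error('oldpasswordchangeuser', get_string('mustspecifycurrentpassword')); return; }`. The whole re-authentication gate is skipped whenever `$values['username'] != $USER->get('username')` is false, and loose `!=` treats numeric-looking strings (for example '0123' and '123') as equal, so `!==` is the safer comparison, provided the username write in accountprefs_submit (not visible in this hunk) compares the same way. The function's body starts and ends outside the hunk.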
......@@ -474,6 +474,7 @@ $string['cannotremovedefaultemail'] = 'You cannot remove your primary email addr
$string['emailtoolong'] = 'Email addresses cannot be longer than 255 characters.';
$string['emailinvalid'] = 'Email address invalid.';
$string['mustspecifyoldpassword'] = 'You must specify your current password.';
$string['mustspecifycurrentpassword'] = 'You must specify your current password to change your username.';
$string['Site'] = 'Site';
$string['maildisabled'] = 'Email disabled';
......