Verify the old Password

Call a special login function that does not use the current
session and ignores the interceptor, which would otherwise log out
the user on a bad old password.
This special login function, testPassword(), calls /login with
the old password; a successful login verifies that the password is correct.

Tested: Changed the user password on a Witherspoon and
verified an incorrect old password does not change the password.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: I65f6a6aa6dbc5d849e962b6c24a09e3ac0f6cf58
diff --git a/app/common/services/api-utils.js b/app/common/services/api-utils.js
index 73fe5a4..c8a7969 100644
--- a/app/common/services/api-utils.js
+++ b/app/common/services/api-utils.js
@@ -189,6 +189,31 @@
                   console.log(error);
                 });
               },
+              testPassword: function(username, password){
+                // Calls /login without the current session to verify the given password is correct
+                // ignore the interceptor logout on a bad password
+                DataService.ignoreHttpError = true;
+                var deferred = $q.defer();
+                $http({
+                  method: 'POST',
+                  url: DataService.getHost() + "/login",
+                  headers: {
+                    'Accept': 'application/json',
+                    'Content-Type': 'application/json'
+                  },
+                  withCredentials: false,
+                  data: JSON.stringify({"data": [username, password]})
+                }).then(function(response){
+                  var json = JSON.stringify(response.data);
+                  var content = JSON.parse(json);
+                  DataService.ignoreHttpError = false;
+                  deferred.resolve(content.data);
+                }, function(error){
+                  DataService.ignoreHttpError = false;
+                  deferred.reject(error);
+                });
+                return deferred.promise;
+              },
               logout: function(callback){
                 $http({
                   method: 'POST',
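Review bot: `DataService.ignoreHttpError` in `testPassword` is a flag on the shared service, so while this /login probe is in flight the interceptor (changed in the apiInterceptor.js hunk of this commit) also skips the 401 logout and the unreachable-server handling for every other request, and overlapping probes reset the flag early. Scoping the opt-out to this one request avoids that: add a custom field to the request config, e.g. `ignoreHttpError: true,` next to `withCredentials: false`, and have the interceptor test `rejection.config && rejection.config.ignoreHttpError`. A successful probe presumably creates a new server session that nothing in this hunk closes, and `withCredentials: false` only withholds cookies on cross-origin requests, so both are worth confirming against how `DataService.getHost()` is set. The `$q.defer()` wrapper and the `JSON.stringify`/`JSON.parse` round trip are unnecessary; returning the `$http(...).then(...)` promise gives the same result.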
diff --git a/app/common/services/apiInterceptor.js b/app/common/services/apiInterceptor.js
index 8bbb6f4..304d723 100644
--- a/app/common/services/apiInterceptor.js
+++ b/app/common/services/apiInterceptor.js
@@ -43,16 +43,19 @@
                     return response;
                 },
                 'responseError': function(rejection){
-                    // If unauthorized, log out
-                    if (rejection.status == 401){
-                        if (dataService.path != '/login'){
-                            $rootScope.$emit('timedout-user', {});
+                    if (dataService.ignoreHttpError === false)
+                    {
+                        // If unauthorized, log out
+                        if (rejection.status == 401){
+                            if (dataService.path != '/login'){
+                                $rootScope.$emit('timedout-user', {});
+                            }
+                        } else if (rejection.status == -1){
+                            dataService.server_unreachable = true;
                         }
-                    } else if (rejection.status == -1){
-                        dataService.server_unreachable = true;
-                    }
 
-                    dataService.loading = false;
+                        dataService.loading = false;
+                    }
                     return $q.reject(rejection);
                 }
             };
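Review bot: `dataService.loading = false;` now sits inside the `ignoreHttpError === false` guard, so any request that fails while the flag is set leaves `loading` true, whereas the old code reset it on every rejection. Moving that line back below the guard's closing brace restores the previous behaviour. The guard also skips the `rejection.status == -1` branch, so an unreachable server during a password probe is not recorded in `server_unreachable`; if only the logout should be suppressed, wrap just the `$rootScope.$emit('timedout-user', {})` path. The status comparisons could use `===` to match the added flag check. The interceptor object begins above the hunk.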
diff --git a/app/common/services/dataService.js b/app/common/services/dataService.js
index 0553bf6..2672c0e 100644
--- a/app/common/services/dataService.js
+++ b/app/common/services/dataService.js
@@ -33,7 +33,7 @@
             this.hostname = "";
             this.mac_address = "";
             this.remote_window_active = false;
-
+            this.ignoreHttpError = false;
             this.getServerId = function(){
                  return this.host.replace(/^https?\:\/\//ig,"");
             }
diff --git a/app/users/controllers/user-accounts-controller.js b/app/users/controllers/user-accounts-controller.js
index 8847f35..355ca37 100644
--- a/app/users/controllers/user-accounts-controller.js
+++ b/app/users/controllers/user-accounts-controller.js
@@ -32,13 +32,17 @@
                         // TODO: Display error
                         return false;
                     }
-                    // TODO: Verify the oldPassword is correct
 
-                    APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
-                        // Clear the textboxes on a success
-                        $scope.passwordVerify = '';
-                        $scope.password = '';
-                        $scope.oldPassword = '';
+                    // Verify the oldPassword is correct
+                    APIUtils.testPassword($scope.dataService.getUser(), oldPassword).then(function(state){
+                        APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
+                            // Clear the textboxes on a success
+                            $scope.passwordVerify = '';
+                            $scope.password = '';
+                            $scope.oldPassword = '';
+                        }, function(error){
+                            // TODO: Display error
+                        });
                     }, function(error){
                         // TODO: Display error
                     });
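Review bot: The old-password check added here runs only in the browser: `changePassword` is still called with just the user and `newPassword`, so as far as this hunk shows the server never receives the old password and any client holding the session can change the password without the `testPassword` step. Treat this as a UI safeguard and track server-side enforcement separately, for instance with a comment such as `// NOTE: client-side check only; the change-password endpoint must verify the old password itself`. Both rejection handlers are still an empty `// TODO: Display error`, so a wrong old password fails with no feedback to the user. Returning the inner call (`return APIUtils.changePassword(...)`) and chaining the `.then` would leave one error path instead of two nested ones. The enclosing function starts above the hunk.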