Verify the old Password
Call a special login function, that does not use the current
session and ignores the intercept which would log out the
user on a bad old password.
This special login function, testPassword(), calls /login with
the old password, a success verifies the password is correct.
Tested: Changed the user password on a Witherspoon and
verified an incorrect old password does not change the password.
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
Change-Id: I65f6a6aa6dbc5d849e962b6c24a09e3ac0f6cf58
diff --git a/app/users/controllers/user-accounts-controller.js b/app/users/controllers/user-accounts-controller.js
index 8847f35..355ca37 100644
--- a/app/users/controllers/user-accounts-controller.js
+++ b/app/users/controllers/user-accounts-controller.js
@@ -32,13 +32,17 @@
// TODO: Display error
return false;
}
- // TODO: Verify the oldPassword is correct
- APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
- // Clear the textboxes on a success
- $scope.passwordVerify = '';
- $scope.password = '';
- $scope.oldPassword = '';
+ // Verify the oldPassword is correct
+ APIUtils.testPassword($scope.dataService.getUser(), oldPassword).then(function(state){
+ APIUtils.changePassword($scope.dataService.getUser(), newPassword).then(function(response){
+ // Clear the textboxes on a success
+ $scope.passwordVerify = '';
+ $scope.password = '';
+ $scope.oldPassword = '';
+ }, function(error){
+ // TODO: Display error
+ });
}, function(error){
// TODO: Display error
});