Skip to content

Commit

Permalink
request current password when changing profile data for security reasons
Browse files Browse the repository at this point in the history
  • Loading branch information
@Athou
Athou committed Jul 23, 2022
1 parent b6a9b17 commit c36dd47
Show file tree
Hide file tree
Showing 34 changed files with 103 additions and 50 deletions.
2 changes: 1 addition & 1 deletion src/main/app/i18n/ar.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Change password",
"confirm_password" : "Confirm password",
"minimum_6_chars" : "Minimum 6 characters",
"minimum_8_chars" : "Minimum 8 characters",
"passwords_do_not_match" : "Passwords do not match",
"api_key" : "API key",
"api_key_not_generated" : "Not generated yet",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/ca.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "Adreça electrònica",
"change_password" : "Canvia la contrasenya ",
"confirm_password" : "Confirma la contrasenya",
"minimum_6_chars" : "Mínim de 6 caracters",
"minimum_8_chars" : "Mínim de 8 caracters",
"passwords_do_not_match" : "Les contrasenyes no coincideixen",
"api_key" : "Clau API ",
"api_key_not_generated" : "Encara no s'ha generat",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/cs.js
View file
Expand Up @@ -111,7 +111,7 @@
"email " : " E-mail",
"change_password " : " Změnit heslo",
"confirm_password " : " Potvrdit heslo",
"minimum_6_chars " : " Minimum je 6 znaků",
"minimum_8_chars " : " Minimum je 8 znaků",
"passwords_do_not_match " : " Hesla se neshodují",
"api_key " : " API klíč",
"api_key_not_generated " : " Není vygenerován",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/cy.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-bost",
"change_password" : "Newid cyfrinair",
"confirm_password" : "Cadarnhau cyfrinair",
"minimum_6_chars" : "Isafswm 6 nod",
"minimum_8_chars" : "Isafswm 8 nod",
"passwords_do_not_match" : "Mae'r cyfrineiriau yn wahanol",
"api_key" : "Allwedd API",
"api_key_not_generated" : "Heb ei gynhyrchu eto",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/da.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Skift adgangskode",
"confirm_password" : "Bekræft adgangskode",
"minimum_6_chars" : "Minimum 6 karakter",
"minimum_8_chars" : "Minimum 8 karakter",
"passwords_do_not_match" : "Adgangskoderne er ikke ens",
"api_key" : "API nøgle",
"api_key_not_generated" : "Ikke genereret endnu",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/de.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Passwort ändern",
"confirm_password" : "Passwort bestätigen",
"minimum_6_chars" : "Mindestens 6 Zeichen",
"minimum_8_chars" : "Mindestens 8 Zeichen",
"passwords_do_not_match" : "Passwörter stimmen nicht überein",
"api_key" : "API Schlüssel",
"api_key_not_generated" : "Noch nicht generiert",
Expand Down
3 changes: 2 additions & 1 deletion src/main/app/i18n/en.js
View file
Expand Up @@ -111,9 +111,10 @@
"profile" : {
"user_name" : "User name",
"email" : "E-mail",
"current_password" : "Current Password",
"change_password" : "Change password",
"confirm_password" : "Confirm password",
"minimum_6_chars" : "Minimum 6 characters",
"minimum_8_chars" : "Minimum 8 characters",
"passwords_do_not_match" : "Passwords do not match",
"api_key" : "API key",
"api_key_not_generated" : "Not generated yet",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/es.js
View file
Expand Up @@ -113,7 +113,7 @@
"email" : "Correo electrónico",
"change_password" : "Cambiar contraseña",
"confirm_password" : "Confirmar contraseña",
"minimum_6_chars" : "Mínimo 6 caracteres",
"minimum_8_chars" : "Mínimo 8 caracteres",
"passwords_do_not_match" : "Las contraseñas no coinciden",
"api_key" : "Clave API",
"api_key_not_generated" : "No generado todavía",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/fa.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "رایانامه",
"change_password" : "تغییر گذرواژه",
"confirm_password" : "تأیید گذرواژه",
"minimum_6_chars" : "حداقل ۶ نویسه",
"minimum_8_chars" : "حداقل ۸ نویسه",
"passwords_do_not_match" : "گذرواژه‌ها انطباق ندارند",
"api_key" : "کلید API",
"api_key_not_generated" : "هنوز ایجاد نشده‌است",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/fi.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "Sähköposti",
"change_password" : "Vaihda salasana",
"confirm_password" : "Vahvista uusi salasana",
"minimum_6_chars" : "Vähintään 6 merkkiä",
"minimum_8_chars" : "Vähintään 8 merkkiä",
"passwords_do_not_match" : "Salasanat eivät täsmää",
"api_key" : "API-avain",
"api_key_not_generated" : "API-avainta ei ole vielä luotu",
Expand Down
3 changes: 2 additions & 1 deletion src/main/app/i18n/fr.js
View file
Expand Up @@ -109,9 +109,10 @@
"profile" : {
"user_name" : "Nom",
"email" : "E-mail",
"current_password" : "Mot de passe actuel",
"change_password" : "Changer de mot de passe",
"confirm_password" : "Confirmer le mot de passe",
"minimum_6_chars" : "Minimum 6 caractères",
"minimum_8_chars" : "Minimum 8 caractères",
"passwords_do_not_match" : "Les mots de passe ne correspondent pas",
"api_key" : "Clé API",
"api_key_not_generated" : "Pas encore générée",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/gl.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "Correo",
"change_password" : "Cambiar contrasinal",
"confirm_password" : "Confirmar contrasinal",
"minimum_6_chars" : "Mínimo 6 caracteres",
"minimum_8_chars" : "Mínimo 8 caracteres",
"passwords_do_not_match" : "Os contrasinais non coinciden no coinciden",
"api_key" : "Chave API",
"api_key_not_generated" : "Non xerado todavía",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/glk.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "ایمئل",
"change_password" : "رمزه عوضأگودن",
"confirm_password" : "رمزه تأیید گودن",
"minimum_6_chars" : "ناقلن 6 کارکتر",
"minimum_8_chars" : "ناقلن 8 کارکتر",
"passwords_do_not_match" : "رمزان کس‌به‌کسه نخانید",
"api_key" : "کلید API",
"api_key_not_generated" : "هلئه چاگوده نبؤ",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/hu.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Jelszó megváltoztatás",
"confirm_password" : "Jelszó megerősítése",
"minimum_6_chars" : "Legalább 8 karakter",
"minimum_8_chars" : "Legalább 8 karakter",
"passwords_do_not_match" : "A jelszavak nem egyeznek",
"api_key" : "API kulcs",
"api_key_not_generated" : "Még nincsen generálva",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/id.js
View file
Expand Up @@ -113,7 +113,7 @@
"email" : "Surel",
"change_password" : "Ganti kata sandi",
"confirm_password" : "Konfirmasi kata sandi",
"minimum_6_chars" : "Minimal 6 karakter",
"minimum_8_chars" : "Minimal 8 karakter",
"passwords_do_not_match" : "Kata sandi tidak sesuai",
"api_key" : "kunci API",
"api_key_not_generated" : "Belum menghasilkan",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/it.js
View file
Expand Up @@ -113,7 +113,7 @@
"email" : "E-mail",
"change_password" : "Cambia password",
"confirm_password" : "Conferma password",
"minimum_6_chars" : "Minimo 6 caratteri",
"minimum_8_chars" : "Minimo 8 caratteri",
"passwords_do_not_match" : "Le password non corrispondono",
"api_key" : "chiave API",
"api_key_not_generated" : "Non ancora generata",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/ja.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "パスワードの変更",
"confirm_password" : "変更パスワードの確認",
"minimum_6_chars" : "6文字以上",
"minimum_8_chars" : "8文字以上",
"passwords_do_not_match" : "パスワードが一致しません",
"api_key" : "APIキー",
"api_key_not_generated" : "APIキーが生成されていません",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/ko.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "이메일",
"change_password" : "비밀번호 변경",
"confirm_password" : "비밀번호 확인",
"minimum_6_chars" : "최소 6개의 문자가 필요합니다.",
"minimum_8_chars" : "최소 8개의 문자가 필요합니다.",
"passwords_do_not_match" : "비밀번호가 일치하지 않습니다.",
"api_key" : "API key",
"api_key_not_generated" : "아직 API Key가 생성되지 않았습니다.",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/ms.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mel",
"change_password" : "Tukar kata laluan",
"confirm_password" : "Sahkan kata laluan",
"minimum_6_chars" : "Minimum 6 huruf",
"minimum_8_chars" : "Minimum 8 huruf",
"passwords_do_not_match" : "Kata laluan tidak sama",
"api_key" : "API key",
"api_key_not_generated" : "Belum dijana",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/nb.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-post",
"change_password" : "Endre passord",
"confirm_password" : "Bekreft passord",
"minimum_6_chars" : "Minimum 6 tegn",
"minimum_8_chars" : "Minimum 8 tegn",
"passwords_do_not_match" : "Passordene er ikke like",
"api_key" : "API-nøkkel",
"api_key_not_generated" : "Har ikke blitt generert",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/nl.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Verander wachtwoord",
"confirm_password" : "Bevestig wachtwoord",
"minimum_6_chars" : "Minimaal 6 tekens",
"minimum_8_chars" : "Minimaal 8 tekens",
"passwords_do_not_match" : "Wachtwoorden komen niet overeen",
"api_key" : "API sleutel",
"api_key_not_generated" : "Nog niet gegenereerd",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/nn.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-post",
"change_password" : "Endre passord",
"confirm_password" : "Stadfest passord",
"minimum_6_chars" : "Minimum 6 teikn",
"minimum_8_chars" : "Minimum 8 teikn",
"passwords_do_not_match" : "Passorda er usamde",
"api_key" : "API-nykel",
"api_key_not_generated" : "Har ikkje vorte generert",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/pl.js
View file
Expand Up @@ -113,7 +113,7 @@
"email" : "E-mail",
"change_password" : "Zmień hasło",
"confirm_password" : "Potwierdź hasło",
"minimum_6_chars" : "Minimum 6 znaków",
"minimum_8_chars" : "Minimum 8 znaków",
"passwords_do_not_match" : "Hasła nie pasują do siebie",
"api_key" : "Klucz API",
"api_key_not_generated" : "Jeszcze niewygenerowany",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/pt.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Trocar senha",
"confirm_password" : "Confirmar senha",
"minimum_6_chars" : "Mínimo de 6 caracteres",
"minimum_8_chars" : "Mínimo de 8 caracteres",
"passwords_do_not_match" : "Senhas não conferem",
"api_key" : "Chave de API",
"api_key_not_generated" : "Ainda não gerada",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/ru.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "Эл. почта",
"change_password" : "Изменить пароль",
"confirm_password" : "Подтвердите пароль",
"minimum_6_chars" : "Не меньше 6 символов",
"minimum_8_chars" : "Не меньше 8 символов",
"passwords_do_not_match" : "Пароли не совпадают",
"api_key" : "API-ключ",
"api_key_not_generated" : "Не сгенерирован",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/sk.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Zmeniť heslo",
"confirm_password" : "Potvrdiť heslo",
"minimum_6_chars" : "Minimum je 6 znakov",
"minimum_8_chars" : "Minimum je 8 znakov",
"passwords_do_not_match" : "Heslá sa nezhodujú",
"api_key" : "API kľúč",
"api_key_not_generated" : "Nie je vygenerovaný",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/sv.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-mail",
"change_password" : "Ändra lösenord",
"confirm_password" : "Bekräfta lösenord",
"minimum_6_chars" : "Minst 6 bokstäver",
"minimum_8_chars" : "Minst 8 bokstäver",
"passwords_do_not_match" : "Lösenorden matchar inte",
"api_key" : "API-nyckel",
"api_key_not_generated" : "Inte skapad än",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/tr.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "E-posta",
"change_password" : "Şifre değiştir",
"confirm_password" : "Şifreyi doğrula",
"minimum_6_chars" : "En az 6 karakter",
"minimum_8_chars" : "En az 8 karakter",
"passwords_do_not_match" : "Şifreler uyuşmuyor",
"api_key" : "API anahtarı",
"api_key_not_generated" : "Henüz oluşturulmadı",
Expand Down
2 changes: 1 addition & 1 deletion src/main/app/i18n/zh.js
View file
Expand Up @@ -111,7 +111,7 @@
"email" : "邮箱",
"change_password" : "修改密码",
"confirm_password" : "确认密码",
"minimum_6_chars" : "最少为 6 个字母",
"minimum_8_chars" : "最少为 8 个字母",
"passwords_do_not_match" : "密码不匹配",
"api_key" : "API 密钥",
"api_key_not_generated" : "API 密钥尚未生成",
Expand Down
24 changes: 20 additions & 4 deletions src/main/app/js/controllers.js
View file
Expand Up @@ -1546,23 +1546,39 @@ module.controller("ProfileCtrl", [
AnalyticsService.track()

$scope.user = ProfileService.get()
$scope.error = ""

$scope.cancel = function () {
$location.path("/")
}
$scope.save = function () {
$scope.error = ""
if (!$scope.profileForm.$valid) {
return
}
var o = {
email: $scope.user.email,
password: $scope.user.password,
currentPassword: $scope.currentPassword,
newPassword: $scope.newPassword,
newApiKey: $scope.newApiKey,
}

ProfileService.save(o, function () {
$location.path("/")
})
ProfileService.save(
o,
function () {
$location.path("/")
},
function (error) {
var data = error.data
if (data.errors) {
// password validation error
$scope.error = data.errors.join(", ")
} else {
// bad request error
$scope.error = data.message
}
}
)
}
$scope.deleteAccount = function () {
ProfileService.deleteAccount({})
Expand Down
33 changes: 25 additions & 8 deletions src/main/app/templates/profile.html
View file
Expand Up @@ -3,31 +3,48 @@
<h1>{{ 'toolbar.profile' | translate }}</h1>
</div>
<form name="profileForm" ng-submit="save()" class="form-horizontal">
<div ng-if="error" class="col-sm-offset-2 col-sm-10 alert alert-danger">{{error}}</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="email">{{ 'profile.user_name' | translate }}</label>
<div class="col-sm-10 checkbox">
<span>{{user.name}}</span>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="currentPassword">{{ 'profile.current_password' | translate }}</label>
<div class="col-sm-10">
<input
type="password"
name="currentPassword"
id="currentPassword"
ng-model="currentPassword"
class="form-control"
autocomplete="off"
required
/>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="email">{{ 'profile.email' | translate }}</label>
<div class="col-sm-10">
<input type="email" id="email" ng-model="user.email" class="form-control" autocomplete="off" />
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="password">{{ 'profile.change_password' | translate }}</label>
<label class="col-sm-2 control-label" for="newPassword">{{ 'profile.change_password' | translate }}</label>
<div class="col-sm-10">
<input
type="password"
name="password"
id="password"
ng-model="user.password"
name="newPassword"
id="newPassword"
ng-model="newPassword"
class="form-control"
ng-minlength="6"
ng-minlength="8"
autocomplete="off"
/>
<span class="help-inline" ng-show="profileForm.password.$error.minlength">{{ 'profile.minimum_6_chars' | translate }}</span>
<span class="help-inline" ng-show="profileForm.newPassword.$error.minlength"
>{{ 'profile.minimum_8_chars' | translate }}</span
>
</div>
</div>
<div class="form-group">
Expand All @@ -39,8 +56,8 @@ <h1>{{ 'toolbar.profile' | translate }}</h1>
name="password_c"
id="password_c"
ng-model="password_c"
ui-validate="'$value==user.password'"
ui-validate-watch="'user.password'"
ui-validate="'$value==newPassword'"
ui-validate-watch="'newPassword'"
autocomplete="off"
/>
<span class="help-inline" ng-show="profileForm.password_c.$error.validator"
Expand Down
5 changes: 5 additions & 0 deletions src/main/java/com/commafeed/frontend/auth/PasswordConstraintValidator.java
View file
Expand Up @@ -5,6 +5,7 @@
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;

import org.apache.commons.lang3.StringUtils;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
Expand All @@ -22,6 +23,10 @@ public void initialize(ValidPassword constraintAnnotation) {

@Override
public boolean isValid(String value, ConstraintValidatorContext context) {
if (StringUtils.isBlank(value)) {
return true;
}

PasswordValidator validator = buildPasswordValidator();
RuleResult result = validator.validate(new PasswordData(value));

Expand Down

0 comments on commit c36dd47

Please sign in to comment.