also check for the old password
matmair committed Jun 16, 2022
1 parent 92ab21e commit 3d20f7c
Showing 2 changed files with 17 additions and 8 deletions.
9 changes: 8 additions & 1 deletion InvenTree/InvenTree/forms.py
@@ -144,13 +144,20 @@ class SetPasswordForm(HelperForm):
help_text=_('Confirm new password')
)

old_password = forms.CharField(
label=_("Old password"),
strip=False,
widget=forms.PasswordInput(attrs={'autocomplete': 'current-password', 'autofocus': True}),
)

class Meta:
"""Metaclass options."""

model = User
fields = [
'enter_password',
'confirm_password'
'confirm_password',
'old_password',
]
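Review bot: `old_password` is only declared in this section, and nothing visible here validates it; the check this commit adds lives in `post()` in views.py, so any other caller of `SetPasswordForm` would accept a password change without proof of the current password. The rest of the class is outside the hunk, so a `clean_old_password` method may already exist; if it does not, moving the check into the form (with the user passed in at construction) keeps the re-authentication gate attached to the form. Separately, the widget sets `'autofocus': True` while `'old_password'` is listed last in `Meta.fields`; if that list drives rendering order, listing it first would match the focus and the order Django's own `PasswordChangeForm` uses.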


16 changes: 9 additions & 7 deletions InvenTree/InvenTree/views.py
@@ -540,6 +540,8 @@ def post(self, request, *args, **kwargs):

p1 = request.POST.get('enter_password', '')
p2 = request.POST.get('confirm_password', '')
old_password = request.POST.get('old_password', '')
user = self.request.user

if valid:
# Passwords must match
@@ -548,20 +550,20 @@ def post(self, request, *args, **kwargs):
error = _('Password fields must match')
form.add_error('enter_password', error)
form.add_error('confirm_password', error)

valid = False

data = {
'form_valid': valid
}

if valid:
user = self.request.user
# Old password must be correct

if not user.check_password(old_password):
form.add_error('old_password', _('Wrong password provided'))
valid = False

if valid:
user.set_password(p1)
user.save()

return self.renderJsonResponse(request, form, data=data)
return self.renderJsonResponse(request, form, data={'form_valid': valid})


class IndexView(TemplateView):
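Review bot: `user.check_password(old_password)` returns False for any account whose password is unusable, so if such accounts exist in this deployment (for example ones created through an external login, which this page does not show) they can no longer set a password through this view. Make that case an explicit decision: either `if user.has_usable_password() and not user.check_password(old_password):`, or keep the strict check and add a comment that those accounts must go through the reset flow. The failure branch also leaves no trace in the visible lines; a warning-level log entry there would give operators something to alert on when a session is used to guess the current password repeatedly. `post()` starts above the first hunk, so the form validation that sets `valid` is not visible here.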