[open-ils-commits] [GIT] Evergreen ILS branch rel_2_0 updated. 695ff9fe1c3fe713e169d888858fb1796d9cd949
Evergreen Git
git at git.evergreen-ils.org
Tue Oct 4 12:55:41 EDT 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Evergreen ILS".
The branch, rel_2_0 has been updated
via 695ff9fe1c3fe713e169d888858fb1796d9cd949 (commit)
from 3db19f9d566493ddb5446e69f31b954d52bc361e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 695ff9fe1c3fe713e169d888858fb1796d9cd949
Author: Thomas Berezansky <tsbere at mvlc.org>
Date: Sat Sep 24 16:51:20 2011 -0400
Require password to change email/username
Alter backend to check password period, not just for password changes.
Add form elements for asking for current password to JSPac.
Add handling for said form elements where needed.
Signed-off-by: Thomas Berezansky <tsbere at mvlc.org>
Signed-off-by: Bill Erickson <berick at esilibrary.com>
diff --git a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
index 7708d19..f05d165 100644
--- a/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
+++ b/Open-ILS/src/perlmods/OpenILS/Application/Actor.pm
@@ -1247,9 +1247,10 @@ __PACKAGE__->register_method(
desc => "Update the operator's username",
params => [
{ desc => 'Authentication token', type => 'string' },
- { desc => 'New username', type => 'string' }
+ { desc => 'New username', type => 'string' },
+ { desc => 'Current password', type => 'string' }
],
- return => {desc => '1 on success, Event on error'}
+ return => {desc => '1 on success, Event on error or incorrect current password'}
}
);
@@ -1260,9 +1261,10 @@ __PACKAGE__->register_method(
desc => "Update the operator's email address",
params => [
{ desc => 'Authentication token', type => 'string' },
- { desc => 'New email address', type => 'string' }
+ { desc => 'New email address', type => 'string' },
+ { desc => 'Current password', type => 'string' }
],
- return => {desc => '1 on success, Event on error'}
+ return => {desc => '1 on success, Event on error or incorrect current password'}
}
);
@@ -1275,12 +1277,14 @@ sub update_passwd {
or return $e->die_event;
my $api = $self->api_name;
+ # make sure the original password matches the in-database password
+ if (md5_hex($orig_pw) ne $db_user->passwd) {
+ $e->rollback;
+ return new OpenILS::Event('INCORRECT_PASSWORD');
+ }
+
if( $api =~ /password/o ) {
- # make sure the original password matches the in-database password
- if (md5_hex($orig_pw) ne $db_user->passwd) {
- $e->rollback;
- return new OpenILS::Event('INCORRECT_PASSWORD');
- }
+
$db_user->passwd($new_val);
} else {
diff --git a/Open-ILS/web/opac/skin/default/js/myopac.js b/Open-ILS/web/opac/skin/default/js/myopac.js
index 692a5f4..d3d1dfb 100644
--- a/Open-ILS/web/opac/skin/default/js/myopac.js
+++ b/Open-ILS/web/opac/skin/default/js/myopac.js
@@ -1052,6 +1052,7 @@ function myopacSaveAddress(row, addr, deleteMe) {
function myOPACUpdateUsername() {
var username = $('myopac_new_username').value;
+ var curpassword = $('myopac_username_current_password').value;
if(username == null || username == "") {
alert($('myopac_username_error').innerHTML);
return;
@@ -1086,7 +1087,7 @@ function myOPACUpdateUsername() {
return;
}
- var req = new Request(UPDATE_USERNAME, G.user.session, username );
+ var req = new Request(UPDATE_USERNAME, G.user.session, username, curpassword );
req.send(true);
if(req.result()) {
@@ -1110,12 +1111,13 @@ function myOPACUpdateUsername() {
function myOPACUpdateEmail() {
var email = $('myopac_new_email').value;
+ var curpassword = $('myopac_email_current_password').value;
if(email == null || email == "") {
alert($('myopac_email_error').innerHTML);
return;
}
- var req = new Request(UPDATE_EMAIL, G.user.session, email );
+ var req = new Request(UPDATE_EMAIL, G.user.session, email, curpassword );
req.send(true);
if(req.result()) {
G.user.email(email);
diff --git a/Open-ILS/web/opac/skin/default/xml/myopac/myopac_summary.xml b/Open-ILS/web/opac/skin/default/xml/myopac/myopac_summary.xml
index 40eda7f..821f870 100644
--- a/Open-ILS/web/opac/skin/default/xml/myopac/myopac_summary.xml
+++ b/Open-ILS/web/opac/skin/default/xml/myopac/myopac_summary.xml
@@ -61,15 +61,26 @@
<td class='color_4 light_border'>&common.username;</td>
<td class='light_border' id='myopac_summary_username'> </td>
<td class='light_border'><a href='javascript:void(0);'
- onclick='unHideMe($("myopac_update_username_row"));$("myopac_new_username").focus();'
+ onclick='unHideMe($("myopac_update_username_row"));$("myopac_username_current_password").focus();'
id='myopac_summary_username_change' style='text-decoration: underline;'>&myopac.summary.change;</a></td>
</tr>
<tr id='myopac_update_username_row' class='hide_me'>
<td class='myopac_update_cell' colspan='3'>
- <span class='myopac_update_span'>&myopac.summary.username.enter; </span>
- <input type='text' size='24' id='myopac_new_username'
- onkeydown='if(userPressedEnter(event)) myOPACUpdateUsername();' />
+
+ <table><tbody>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.password.current; </span></td>
+ <td><input type='password' size='24' id='myopac_username_current_password'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateUsername();' /></td>
+ </tr>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.username.enter; </span></td>
+ <td><input type='text' size='24' id='myopac_new_username'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateUsername();' /></td>
+ </tr>
+ </tbody></table>
+
<span class='myopac_update_span'>
<button onclick='myOPACUpdateUsername();'>&common.submit;</button>
</span>
@@ -122,15 +133,26 @@
<td class='color_4 light_border'>&myopac.summary.email;</td>
<td class='light_border' id='myopac_summary_email'> </td>
<td class='light_border'><a href='javascript:void(0);'
- onclick='unHideMe($("myopac_update_email_row"));$("myopac_new_email").focus();'
+ onclick='unHideMe($("myopac_update_email_row"));$("myopac_email_current_password").focus();'
id='myopac_summary_email_change' style='text-decoration: underline;'>&myopac.summary.change;</a></td>
</tr>
<tr id='myopac_update_email_row' class='hide_me'>
<td class='myopac_update_cell' colspan='3'>
- <span class='myopac_update_span'>&myopac.summary.email.new; </span>
- <input type='text' size='24' id='myopac_new_email'
- onkeydown='if(userPressedEnter(event)) myOPACUpdateEmail();' />
+
+ <table><tbody>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.password.current; </span></td>
+ <td><input type='password' size='24' id='myopac_email_current_password'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateEmail();' /></td>
+ </tr>
+ <tr>
+ <td><span class='myopac_update_span'>&myopac.summary.email.new; </span></td>
+ <td><input type='text' size='24' id='myopac_new_email'
+ onkeydown='if(userPressedEnter(event)) myOPACUpdateEmail();' /></td>
+ </tr>
+ </tbody></table>
+
<span class='myopac_update_span'>
<button onclick='myOPACUpdateEmail();'>&common.submit;</button>
</span>
-----------------------------------------------------------------------
Summary of changes:
Open-ILS/src/perlmods/OpenILS/Application/Actor.pm | 22 +++++++-----
Open-ILS/web/opac/skin/default/js/myopac.js | 6 ++-
.../skin/default/xml/myopac/myopac_summary.xml | 38 +++++++++++++++----
3 files changed, 47 insertions(+), 19 deletions(-)
hooks/post-receive
--
Evergreen ILS
More information about the open-ils-commits
mailing list