aboutsummaryrefslogtreecommitdiffstats
path: root/perllib/FixMyStreet/App
diff options
context:
space:
mode:
Diffstat (limited to 'perllib/FixMyStreet/App')
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth.pm6
-rw-r--r--perllib/FixMyStreet/App/Controller/Auth/Profile.pm34
2 files changed, 34 insertions, 6 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 86e3e8434..95f8bb9a2 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -85,6 +85,12 @@ sub sign_in : Private {
my $parsed = FixMyStreet::SMS->parse_username($username);
if ($parsed->{username} && $password && $c->forward('authenticate', [ $parsed->{type}, $parsed->{username}, $password ])) {
+ # Upgrade hash count if necessary
+ my $cost = sprintf("%02d", FixMyStreet::DB::Result::User->cost);
+ if ($c->user->password !~ /^\$2a\$$cost\$/) {
+ $c->user->update({ password => $password });
+ }
+
# unless user asked to be remembered limit the session to browser
$c->set_session_cookie_expire(0)
unless $remember_me;
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
index d1fb32c41..2d8ae081e 100644
--- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm
@@ -19,7 +19,7 @@ verifying email, phone, password.
=cut
-sub auto {
+sub auto : Private {
my ( $self, $c ) = @_;
$c->detach( '/auth/redirect' ) unless $c->user;
@@ -49,8 +49,17 @@ sub change_password : Path('/auth/change_password') {
my $new = $c->get_param('new_password') // '';
my $confirm = $c->get_param('confirm') // '';
+ my $password_error;
+
+ # Check existing password, if available
+ if ($c->user->password) {
+ my $current = $c->get_param('current_password') // '';
+ $c->stash->{current_password} = $current;
+ $password_error = 'incorrect' unless $c->user->check_password($current);
+ }
+
# check for errors
- my $password_error =
+ $password_error ||=
!$new && !$confirm ? 'missing'
: $new ne $confirm ? 'mismatch'
: !$c->forward('/auth/test_password', [ $new ]) ? 'failed'
@@ -63,10 +72,17 @@ sub change_password : Path('/auth/change_password') {
return;
}
- # we should have a usable password - save it to the user
- $c->user->obj->update( { password => $new } );
- $c->stash->{password_changed} = 1;
-
+ if ($c->user->password) {
+ # we should have a usable password - save it to the user
+ $c->user->obj->update( { password => $new } );
+ $c->stash->{password_changed} = 1;
+ } else {
+ # Set up arguments for code sign in
+ $c->set_param('username', $c->user->username);
+ $c->set_param('password_register', $new);
+ $c->set_param('r', 'auth/change_password/success');
+ $c->detach('/auth/code_sign_in');
+ }
}
=head2 change_email
@@ -149,6 +165,12 @@ sub change_phone_success : Path('/auth/change_phone/success') {
$c->res->redirect('/my');
}
+sub change_password_success : Path('/auth/change_password/success') {
+ my ( $self, $c ) = @_;
+ $c->flash->{flash_message} = _('Your password has been changed');
+ $c->res->redirect('/my');
+}
+
sub generate_token : Path('/auth/generate_token') {
my ($self, $c) = @_;