From e163282351fb453fe4c2f247443788dcff464ccd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?=
Date: Wed, 30 Jul 2014 15:42:34 +0200
Subject: [PATCH] Now change password directly need the current password
---
 taiga/users/api.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/taiga/users/api.py b/taiga/users/api.py
index ef56fdaf..46a2dee3 100644
--- a/taiga/users/api.py
+++ b/taiga/users/api.py
@@ -20,8 +20,10 @@ from django.db.models.loading import get_model
 from django.db.models import Q
 from django.shortcuts import get_object_or_404
 from django.contrib.auth import logout, login, authenticate
+from django.contrib.auth.hashers import make_password
 from django.utils.translation import ugettext_lazy as _
+
 from rest_framework.response import Response
 from rest_framework.filters import BaseFilterBackend
 from rest_framework.permissions import IsAuthenticated, AllowAny
@@ -142,13 +144,19 @@ class UsersViewSet(ModelCrudViewSet):
 """
 self.check_permissions(request, "change_password", None)
+ current_password = request.DATA.get("current_password")
 password = request.DATA.get("password")
+ if not current_password:
+ raise exc.WrongArguments(_("Current password parameter needed"))
 if not password:
- raise exc.WrongArguments(_("Incomplete arguments"))
+ raise exc.WrongArguments(_("New password parameter needed"))
 if len(password) < 6:
- raise exc.WrongArguments(_("Invalid password length"))
+ raise exc.WrongArguments(_("Invalid password length at least 6 charaters needed"))
+
+ if not request.user.check_password(current_password):
+ raise exc.WrongArguments(_("Invalid current password"))
 request.user.set_password(password)
 request.user.save(update_fields=["password"])
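Review bot: The added `from django.contrib.auth.hashers import make_password` is not used by any line of this patch; the new password is still hashed through `request.user.set_password(password)` in the second hunk. Unless a part of the file not shown here needs it, drop the import, since an unused hashing helper in an auth module suggests that passwords are hashed by hand somewhere. The blank line added before the `rest_framework` imports can go with it.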
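Review bot: The new `check_password(current_password)` branch can be retried without limit, so anyone holding a logged-in session or token can use this endpoint to guess the account's current password; nothing in the hunk throttles or records a failed attempt. Count a failure here against the same limit as a failed login and log it, and mark the spot with a comment such as `# failed current-password checks must be rate limited and logged like failed logins`. Both `password` and `current_password` come straight from `request.DATA`, so a non-string JSON value reaches `len(password)`; `if not isinstance(password, str) or len(password) < 6:` would reject it cleanly (assuming the project runs on Python 3). The message on that line also misspells "characters" as "charaters". The method's signature and decorator lie above the hunk, so any throttling already applied there is not visible.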