Merge pull request #339 from javorszky/iss282

Users can change password

core/client/tpl/settings/user-profile.hbs

@@ -69,8 +69,9 @@
                 <label><strong>Verify Password</strong></label>
                 <input type="password" id="user-new-password-verification">
             </div>
+            <button class="button-change-password">Change Password</button>
 
         </fieldset>
 
     </form>
-</section>
+</section>

core/client/views/settings.js

@@ -181,7 +181,8 @@
         },
 
         events: {
-            'click .button-save': 'saveUser'
+            'click .button-save': 'saveUser',
+            'click .button-change-password': 'changePassword'
         },
 
         saveUser: function () {
@@ -199,6 +200,55 @@
             });
         },
 
+        changePassword: function (event) {
+            event.preventDefault();
+
+            var self = this,
+                email = this.$('#user-email').val(),
+                oldPassword = this.$('#user-password-old').val(),
+                newPassword = this.$('#user-password-new').val(),
+                ne2Password = this.$('#user-new-password-verification').val();
+
+            if (newPassword !== ne2Password || newPassword.length < 6 || oldPassword.length < 6) {
+                this.saveError();
+                return;
+            }
+
+            $.ajax({
+                url: '/ghost/changepw/',
+                type: 'POST',
+                data: {
+                    email: email,
+                    password: oldPassword,
+                    newpassword: newPassword,
+                    ne2password: ne2Password
+                },
+                success: function (msg) {
+
+                    self.addSubview(new Ghost.Views.NotificationCollection({
+                        model: [{
+                            type: 'success',
+                            message: msg.msg,
+                            status: 'passive',
+                            id: 'success-98'
+                        }]
+                    }));
+                    self.$('#user-password-old').val('');
+                    self.$('#user-password-new').val('');
+                    self.$('#user-new-password-verification').val('');
+                },
+                error: function (obj, string, status) {
+                    self.addSubview(new Ghost.Views.NotificationCollection({
+                        model: [{
+                            type: 'error',
+                            message: 'Invalid username or password',
+                            status: 'passive'
+                        }]
+                    }));
+                }
+            });
+        },
+
         templateName: 'settings/user-profile',
 
         beforeRender: function () {

core/server/api.js

@@ -65,6 +65,9 @@ users = {
     },
     check: function check(postData) {
         return dataProvider.User.check(postData);
+    },
+    changePassword: function changePassword(postData) {
+        return dataProvider.User.changePassword(postData);
     }
 };
 

core/server/controllers/admin.js

@@ -104,6 +104,19 @@ adminControllers = {
             res.send(401);
         });
     },
+    changepw: function (req, res) {
+        api.users.changePassword({
+            email: req.body.email,
+            oldpw: req.body.password,
+            newpw: req.body.newpassword,
+            ne2pw: req.body.ne2password
+        }).then(function (user) {
+            res.json(200, {msg: 'Password changed successfully'});
+        }, function (error) {
+            res.send(401);
+        });
+
+    },
     'signup': function (req, res) {
         res.render('signup', {
             bodyClass: 'ghost-login',

core/server/models/user.js

@@ -124,6 +124,37 @@ User = GhostBookshelf.Model.extend({
         }, errors.logAndThrowError);
     },
 
+    /**
+     * Naive change password method
+     * @param  {object} _userdata email, old pw, new pw, new pw2
+     *
+     */
+    changePassword: function (_userdata) {
+        var email = _userdata.email,
+            oldPassword = _userdata.oldpw,
+            newPassword = _userdata.newpw,
+            ne2Password = _userdata.ne2pw;
+
+        if (newPassword !== ne2Password) {
+            return when.reject(new Error('Passwords aren\'t the same'));
+        }
+
+        return this.forge({
+            email_address: email
+        }).fetch({require: true}).then(function (user) {
+            return nodefn.call(bcrypt.compare, oldPassword, user.get('password'))
+                .then(function (matched) {
+                    if (!matched) {
+                        return when.reject(new Error('Passwords do not match'));
+                    }
+                    return nodefn.call(bcrypt.hash, newPassword, null, null).then(function (hash) {
+                        user.save({password: hash});
+                        return user;
+                    });
+                });
+        });
+    },
+
     effectivePermissions: function (id) {
         return this.read({id: id}, { withRelated: ['permissions', 'roles.permissions'] })
             .then(function (foundUser) {
@@ -162,4 +193,4 @@ Users = GhostBookshelf.Collection.extend({
 module.exports = {
     User: User,
     Users: Users
-};
+};

index.js

@@ -178,6 +178,7 @@ when.all([ghost.init(), filters.loadCoreFilters(ghost), helpers.loadCoreHelpers(
     ghost.app().get('/ghost/signup/', admin.signup);
     ghost.app().post('/ghost/login/', admin.auth);
     ghost.app().post('/ghost/signup/', admin.doRegister);
+    ghost.app().post('/ghost/changepw/', auth, admin.changepw);
     ghost.app().get('/ghost/editor/:id', auth, admin.editor);
     ghost.app().get('/ghost/editor', auth, admin.editor);
     ghost.app().get('/ghost/content', auth, admin.content);