Merge pull request #339 from javorszky/iss282

Users can change password
This commit is contained in:
Hannah Wolfe 2013-08-06 01:17:43 -07:00
commit eac3047d45
6 changed files with 102 additions and 3 deletions

View File

@ -69,6 +69,7 @@
<label><strong>Verify Password</strong></label>
<input type="password" id="user-new-password-verification">
</div>
<button class="button-change-password">Change Password</button>
</fieldset>

View File

@ -181,7 +181,8 @@
},
events: {
'click .button-save': 'saveUser'
'click .button-save': 'saveUser',
'click .button-change-password': 'changePassword'
},
saveUser: function () {
@ -199,6 +200,55 @@
});
},
changePassword: function (event) {
event.preventDefault();
var self = this,
email = this.$('#user-email').val(),
oldPassword = this.$('#user-password-old').val(),
newPassword = this.$('#user-password-new').val(),
ne2Password = this.$('#user-new-password-verification').val();
if (newPassword !== ne2Password || newPassword.length < 6 || oldPassword.length < 6) {
this.saveError();
return;
}
$.ajax({
url: '/ghost/changepw/',
type: 'POST',
data: {
email: email,
password: oldPassword,
newpassword: newPassword,
ne2password: ne2Password
},
success: function (msg) {
self.addSubview(new Ghost.Views.NotificationCollection({
model: [{
type: 'success',
message: msg.msg,
status: 'passive',
id: 'success-98'
}]
}));
self.$('#user-password-old').val('');
self.$('#user-password-new').val('');
self.$('#user-new-password-verification').val('');
},
error: function (obj, string, status) {
self.addSubview(new Ghost.Views.NotificationCollection({
model: [{
type: 'error',
message: 'Invalid username or password',
status: 'passive'
}]
}));
}
});
},
templateName: 'settings/user-profile',
beforeRender: function () {

View File

@ -65,6 +65,9 @@ users = {
},
check: function check(postData) {
return dataProvider.User.check(postData);
},
changePassword: function changePassword(postData) {
return dataProvider.User.changePassword(postData);
}
};

View File

@ -104,6 +104,19 @@ adminControllers = {
res.send(401);
});
},
changepw: function (req, res) {
api.users.changePassword({
email: req.body.email,
oldpw: req.body.password,
newpw: req.body.newpassword,
ne2pw: req.body.ne2password
}).then(function (user) {
res.json(200, {msg: 'Password changed successfully'});
}, function (error) {
res.send(401);
});
},
'signup': function (req, res) {
res.render('signup', {
bodyClass: 'ghost-login',

View File

@ -124,6 +124,37 @@ User = GhostBookshelf.Model.extend({
}, errors.logAndThrowError);
},
/**
* Naive change password method
* @param {object} _userdata email, old pw, new pw, new pw2
*
*/
changePassword: function (_userdata) {
var email = _userdata.email,
oldPassword = _userdata.oldpw,
newPassword = _userdata.newpw,
ne2Password = _userdata.ne2pw;
if (newPassword !== ne2Password) {
return when.reject(new Error('Passwords aren\'t the same'));
}
return this.forge({
email_address: email
}).fetch({require: true}).then(function (user) {
return nodefn.call(bcrypt.compare, oldPassword, user.get('password'))
.then(function (matched) {
if (!matched) {
return when.reject(new Error('Passwords do not match'));
}
return nodefn.call(bcrypt.hash, newPassword, null, null).then(function (hash) {
user.save({password: hash});
return user;
});
});
});
},
effectivePermissions: function (id) {
return this.read({id: id}, { withRelated: ['permissions', 'roles.permissions'] })
.then(function (foundUser) {

View File

@ -178,6 +178,7 @@ when.all([ghost.init(), filters.loadCoreFilters(ghost), helpers.loadCoreHelpers(
ghost.app().get('/ghost/signup/', admin.signup);
ghost.app().post('/ghost/login/', admin.auth);
ghost.app().post('/ghost/signup/', admin.doRegister);
ghost.app().post('/ghost/changepw/', auth, admin.changepw);
ghost.app().get('/ghost/editor/:id', auth, admin.editor);
ghost.app().get('/ghost/editor', auth, admin.editor);
ghost.app().get('/ghost/content', auth, admin.content);