Fixes #3085 - adds “change password” functionality back to user accounts

snipe 2017-08-22 12:09:04 -07:00
parent 9c02526a37
commit 71c1c74164
6 changed files with 101 additions and 27 deletions


@ -4,12 +4,13 @@ namespace App\Http\Controllers;
use Image;
use Input;
use Redirect;
use App\Models\Location;
use View;
use Auth;
use App\Helpers\Helper;
use App\Models\Setting;
use Gate;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
/**
* This controller handles all actions related to User Profiles for
@ -87,4 +88,64 @@ class ProfileController extends Controller
public function api() {
return view('account/api');
}
/**
* User change email page.
*
* @return View
*/
public function password()
{
$user = Auth::user();
return view('account/change-password', compact('user'));
}
/**
* Users change password form processing page.
*
* @return Redirect
*/
public function passwordSave(Request $request)
{
if (config('app.lock_passwords')) {
return redirect()->route('account.password.index')->with('error', Lang::get('admin/users/table.lock_passwords'));
} else {
// Grab the user
$user = Auth::user();
if ($user->ldap_import=='1') {
return redirect()->route('account.password.index')->with('error', Lang::get('admin/users/message.error.password_ldap'));
}
$rules = array(
'current_password' => 'required',
'password' => 'required|min:6',
'password_confirm' => 'required|same:password',
);
$validator = \Validator::make($request->all(), $rules);
$validator->after(function($validator) use ($request, $user) {
if (!Hash::check($request->input('current_password'), $user->password)) {
$validator->errors()->add('current_password', trans('validation.hashed_pass'));
}
});
if (!$validator->fails()) {
$user->password = Hash::make($request->input('password'));
$user->save();
return redirect()->route('account.password.index')->with('success', 'Password updated!');
}
return redirect()->back()->withInput()->withErrors($validator);
}
}
}
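Review bot: `passwordSave` calls `Lang::get(...)` in both early-return branches (the `app.lock_passwords` check and the `ldap_import` check), but the `use` block shown in the first hunk does not import `Lang`, so inside `namespace App\Http\Controllers` the name would presumably resolve to `App\Http\Controllers\Lang` and those branches would end in a class-not-found error instead of the intended redirect with a message. Using `trans('admin/users/message.error.password_ldap')`, as the `current_password` check already does, or adding `use Lang;` to the import block avoids that. After a successful change the method only saves the new hash and redirects; nothing visible here ends the user's other sessions or rotates the remember token, so a session opened with the old password appears to stay valid, which is worth confirming. The docblock on `password()` says "User change email page" and should read `User change password page.`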


@ -41,6 +41,7 @@ return array(
'ldap_could_not_bind' => 'Could not bind to the LDAP server. Please check your LDAP server configuration in the LDAP config file. <br>Error from LDAP Server: ',
'ldap_could_not_search' => 'Could not search the LDAP server. Please check your LDAP server configuration in the LDAP config file. <br>Error from LDAP Server:',
'ldap_could_not_get_entries' => 'Could not get entries from the LDAP server. Please check your LDAP server configuration in the LDAP config file. <br>Error from LDAP Server:',
'password_ldap' => 'The password for this account is managed by LDAP/Active Directory. Please contact your IT department to change your password. ',
),
'deletefile' => array(


@ -35,6 +35,7 @@ return array(
"email" => "The :attribute format is invalid.",
"exists" => "The selected :attribute is invalid.",
"email_array" => "One or more email addresses is invalid.",
"hashed_pass" => "Your current password is incorrect",
"image" => "The :attribute must be an image.",
"in" => "The selected :attribute is invalid.",
"integer" => "The :attribute must be an integer.",


@ -2,35 +2,35 @@
{{-- Page title --}}
@section('title')
Change your Password
{{ trans('general.changepassword') }}
@stop
{{-- Account page content --}}
@section('content')
<div class="row header">
<div class="col-md-12">
<h3>{{ trans('general.changepassword') }}</h3>
</div>
</div>
<div class="row form-wrapper">
<form method="post" action="" class="form-horizontal" autocomplete="off">
<div class="row">
<div class="col-md-9">
{{ Form::open(['method' => 'POST', 'files' => true, 'class' => 'form-horizontal', 'autocomplete' => 'off']) }}
<!-- CSRF Token -->
<input type="hidden" name="_token" value="{{ csrf_token() }}" />
<div class="box box-default">
<div class="box-body">
<!-- Old Password -->
<div class="form-group {{ $errors->has('old_password') ? ' has-error' : '' }}">
<label for="old_password" class="col-md-2 control-label">Old Password
<div class="form-group {{ $errors->has('current_password') ? ' has-error' : '' }}">
<label for="current_password" class="col-md-3 control-label">Current Password
<i class='fa fa-asterisk'></i>
</label>
<div class="col-md-5">
<input class="form-control" type="password" name="old_password" id="old_password" {{ (config('app.lock_passwords') ? ' disabled' : '') }}>
{!! $errors->first('old_password', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
<input class="form-control" type="password" name="current_password" id="current_password" {{ (config('app.lock_passwords') ? ' disabled' : '') }}>
{!! $errors->first('current_password', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
</div>
</div>
<div class="form-group {{ $errors->has('password') ? ' has-error' : '' }}">
<label for="password" class="col-md-2 control-label">New Password
<label for="password" class="col-md-3 control-label">New Password
<i class='fa fa-asterisk'></i></label>
<div class="col-md-5">
<input class="form-control" type="password" name="password" id="password" {{ (config('app.lock_passwords') ? ' disabled' : '') }}>
@ -40,7 +40,7 @@ Change your Password
<div class="form-group {{ $errors->has('password_confirm') ? ' has-error' : '' }}">
<label for="password_confirm" class="col-md-2 control-label">New Password
<label for="password_confirm" class="col-md-3 control-label">New Password
<i class='fa fa-asterisk'></i>
</label>
<div class="col-md-5">
@ -52,17 +52,16 @@ Change your Password
</div>
</div>
<hr>
<!-- Form actions -->
<div class="form-group">
<label class="col-md-2 control-label"></label>
<div class="col-md-7">
<a class="btn btn-link" href="{{ route('view-assets') }}">{{ trans('button.cancel') }}</a>
<button type="submit" class="btn btn-success" {{ ((config('app.lock_passwords') && ($user->id)) ? ' disabled' : '') }}><i class="fa fa-check icon-white"></i> {{ trans('general.save') }}</button>
</div>
</div> <!-- .box-body -->
<div class="box-footer text-right">
<a class="btn btn-link" href="{{ URL::previous() }}">{{ trans('button.cancel') }}</a>
<button type="submit" class="btn btn-success"><i class="fa fa-check icon-white"></i> {{ trans('general.save') }}</button>
</div>
</form>
</div>
</div> <!-- .box-default -->
{{ Form::close() }}
</div> <!-- .col-md-9 -->
</div> <!-- .row-->
@stop
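Review bot: The `Form::open` call passes `'files' => true`, which requests a multipart upload form although this form carries only three password fields; `{{ Form::open(['method' => 'POST', 'class' => 'form-horizontal', 'autocomplete' => 'off']) }}` is enough. The hand-written hidden `_token` input under it looks redundant if `Form::open` already emits the CSRF field for POST forms, so confirm against the form helper in use and keep only one. Both the `password` and `password_confirm` labels read "New Password", so the second should say it is the confirmation. The rendered page has lost its +/- markers, so which of the duplicated lines belong to the new side is inferred here.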


@ -301,6 +301,14 @@
<i class="fa fa-user fa-fw"></i> @lang('general.editprofile')
</a>
</li>
<li>
<a href="{{ route('account.password.index') }}">
<i class="fa fa-asterisk"></i> @lang('general.changepassword')
</a>
</li>
@can('self.api')
<li>
<a href="{{ route('user.api') }}">


@ -215,6 +215,10 @@ Route::group([ 'prefix' => 'account', 'middleware' => ['auth']], function () {
# Profile
Route::get('profile', [ 'as' => 'profile', 'uses' => 'ProfileController@getIndex' ]);
Route::post('profile', 'ProfileController@postIndex');
Route::get('password', [ 'as' => 'account.password.index', 'uses' => 'ProfileController@password' ]);
Route::post('password', [ 'uses' => 'ProfileController@passwordSave' ]);
Route::get('api', [ 'as' => 'user.api', 'uses' => 'ProfileController@api' ]);
# View Assets
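Review bot: The new `Route::post('password', ...)` verifies `current_password` on every request, and the group shown in the hunk header applies only the `auth` middleware, so nothing visible here limits how often the current password can be guessed from an already authenticated session. A per-route rate limit such as `'middleware' => 'throttle:5,1'` in the route's array (the numbers are an illustrative choice) would bound that, assuming the `throttle` alias is registered in this app's HTTP kernel. The POST route also has no `as` name, unlike the GET route next to it. The `Route::group` closure starts and ends outside the hunk.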