| author | 2018-10-21 16:33:28 +0200 | |
|---|---|---|
| committer | 2018-10-21 16:33:28 +0200 | |
| commit | 46510febf18951b05bfc9afbbdbaf7d5cadf96a9 (patch) | |
| tree | a7cd27b6931eeaba81caa58a89cb69175686735e /app/Controllers/userController.php | |
| parent | 1b5581d96b7954637951f45ca3122d78acd9a510 (diff) | |
Improved flow for password change (#2057)
https://github.com/FreshRSS/FreshRSS/issues/2056
Diffstat (limited to 'app/Controllers/userController.php')
| -rw-r--r-- | app/Controllers/userController.php | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 2f066e25f..95859c92c 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -91,6 +91,10 @@ class FreshRSS_user_Controller extends Minz_ActionController { } public function updateAction() { + if (!FreshRSS_Auth::hasAccess('admin')) { + Minz_Error::error(403); + } + if (Minz_Request::isPost()) { $passwordPlain = Minz_Request::param('newPasswordPlain', '', true); Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP @@ -104,8 +108,12 @@ class FreshRSS_user_Controller extends Minz_ActionController { )); if ($ok) { - Minz_Request::good(_t('feedback.user.updated', $username), - array('c' => 'user', 'a' => 'manage')); + $isSelfUpdate = Minz_Session::param('currentUser', '_') === $username; + if ($passwordPlain == '' || !$isSelfUpdate) { + Minz_Request::good(_t('feedback.user.updated', $username), array('c' => 'user', 'a' => 'manage')); + } else { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index')); + } } else { Minz_Request::bad(_t('feedback.user.updated.error', $username), array('c' => 'user', 'a' => 'manage')); @@ -138,8 +146,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash); if ($ok) { - Minz_Request::good(_t('feedback.profile.updated'), - array('c' => 'user', 'a' => 'profile')); + if ($passwordPlain == '') { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile')); + } else { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index')); + } } else { Minz_Request::bad(_t('feedback.profile.error'), array('c' => 'user', 'a' => 'profile')); |
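Review bot: The new guard at the top of `updateAction()` only keeps non-admins out of the POST branch if `Minz_Error::error(403)` ends the request, and nothing visible in this hunk establishes that. If that call can return (for example by forwarding internally rather than exiting), execution falls through to `Minz_Request::isPost()` and the password update below still runs for an unauthorised caller. Adding `return;` directly after `Minz_Error::error(403);` makes the check fail closed whatever the helper does. The body of `updateAction()` continues outside the hunk.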
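Review bot: In the second hunk the redirect decision reads `$passwordPlain` again after the update (`$passwordPlain == ''`), which keeps the plain-text password live in the action for longer than the `//Discard plain-text password ASAP` comment near the top suggests, and it does so with a loose comparison. Recording the fact once where the parameter is read, e.g. `$passwordChanged = $passwordPlain !== '';`, lets the later branches test `$passwordChanged` and lets the plain-text variable be cleared as soon as the hash has been computed (the hashing lines are outside the hunk, so the exact place is inferred). The same `$passwordPlain == ''` test appears in the third hunk, in the profile action, and would take the same change. Both enclosing functions start or end outside the hunks.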
