Merge pull request #1634 from nextcloud/fix-password-policy-hint

Properly catch password policy hint for personal page password changes

Merge pull request #1634 from nextcloud/fix-password-policy-hint
4873f080 · Joas Schilling · GitHub · 8231b4a2 · c84dc6aa · 4873f080
Commit 4873f080 authored 8 years ago by Joas Schilling Committed by GitHub 8 years ago
--- a/settings/Controller/ChangePasswordController.php
+++ b/settings/Controller/ChangePasswordController.php
@@ -91,6 +91,7 @@ class ChangePasswordController extends Controller {
 	 * @return JSONResponse
 	 */
 	public function changePersonalPassword($oldpassword = '', $newpassword = null) {
+		/** @var IUser $user */
 		$user = $this->userManager->checkPassword($this->userId, $oldpassword);
 		if ($user === false) {
 			return new JSONResponse([
@@ -101,10 +102,19 @@ class ChangePasswordController extends Controller {
 			]);
 		}
-		/** @var IUser $user */
+		try {
-		if ($newpassword === null || $user->setPassword($newpassword) === false) {
+			if ($newpassword === null || $user->setPassword($newpassword) === false) {
+				return new JSONResponse([
+					'status' => 'error'
+				]);
+			}
+		// password policy app throws exception
+		} catch(HintException $e) {
 			return new JSONResponse([
-				'status' => 'error'
+				'status' => 'error',
+				'data' => [
+					'message' => $e->getHint(),
+				],
 			]);
 		}
@@ -216,7 +226,17 @@ class ChangePasswordController extends Controller {
 					]
 				]);
 			} else { // now we know that everything is fine regarding the recovery password, let's try to change the password
-				$result = $targetUser->setPassword($password, $recoveryPassword);
+				try {
+					$result = $targetUser->setPassword($password, $recoveryPassword);
+				// password policy app throws exception
+				} catch(HintException $e) {
+					return new JSONResponse([
+						'status' => 'error',
+						'data' => [
+							'message' => $e->getHint(),
+						],
+					]);
+				}
 				if (!$result && $recoveryEnabledForUser) {
 					return new JSONResponse([
 						'status' => 'error',

--- a/tests/Core/Controller/ChangePasswordControllerTest.php
+++ b/tests/Core/Controller/ChangePasswordControllerTest.php
@@ -21,6 +21,7 @@
 */
 namespace Tests\Core\Controller;
+use OC\HintException;
 use OC\Settings\Controller\ChangePasswordController;
 use OC\User\Session;
 use OCP\App\IAppManager;
@@ -94,6 +95,30 @@ class ChangePasswordControllerTest extends \Test\TestCase {
 		$this->assertEquals($expects, $res->getData());
 	}
+	public function testChangePersonalPasswordCommonPassword() {
+		$user = $this->getMockBuilder('OCP\IUser')->getMock();
+		$this->userManager->expects($this->once())
+			->method('checkPassword')
+			->with($this->userId, 'old')
+			->willReturn($user);
+		$user->expects($this->once())
+			->method('setPassword')
+			->with('new')
+			->will($this->throwException(new HintException('Common password')));
+		$expects = [
+			'status' => 'error',
+			'data' => [
+				'message' => 'Common password',
+			],
+		];
+		$res = $this->controller->changePersonalPassword('old', 'new');
+		$this->assertEquals($expects, $res->getData());
+	}
 	public function testChangePersonalPasswordNoNewPassword() {
 		$user = $this->getMockBuilder('OCP\IUser')->getMock();
 		$this->userManager->expects($this->once())