[freeside-commits] branch FREESIDE_3_BRANCH updated. 204902c9dd654a2bc0e7400b057bcd8c4a60ab54

Ivan ivan at 420.am
Wed May 7 02:05:41 PDT 2014 

The branch, FREESIDE_3_BRANCH has been updated
       via  204902c9dd654a2bc0e7400b057bcd8c4a60ab54 (commit)
      from  dfc390ed3e27de2f1ec26edf9c07f5d3bd8a6049 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 204902c9dd654a2bc0e7400b057bcd8c4a60ab54
Author: Ivan Kohler <ivan at freeside.biz>
Date:   Wed May 7 02:05:39 2014 -0700

    check old_password if passed to self-service API, require with config setting, RT#29015

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 5b590da..47f3bd8 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -2856,6 +2856,13 @@ sub myaccount_passwd {
   my $error = '';
 
   my $conf = new FS::Conf;
+
+  return { 'error' => 'Incorrect current password.' }
+    if  ( exists($p->{'old_password'})
+          || $conf->exists('selfservice-password_change_oldpass')
+        )
+    && ! $svc_acct->check_password($p->{'old_password'});
+
   $error = 'Password too short.'
     if length($p->{'new_password'}) < ($conf->config('passwordmin') || 6);
   $error = 'Password too long.'
diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index 751a959..adf5c86 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -2869,6 +2869,13 @@ and customer address. Include units.',
   },
 
   {
+    'key'         => 'selfservice-password_change_oldpass',
+    'section'     => 'self-service',
+    'description' => 'Require old password to be entered again for password changes (in addition to being logged in), at the API level.',
+    'type'        => 'checkbox',
+  },
+
+  {
     'key'         => 'selfservice-hide_invoices-taxclass',
     'section'     => 'self-service',
     'description' => 'Hide invoices with only this package tax class from self-service and supress sending (emailing, printing, faxing) them.  Typically set to something like "Previous balance" and used when importing legacy invoices into legacy_cust_bill.',

-----------------------------------------------------------------------

Summary of changes:
 FS/FS/ClientAPI/MyAccount.pm |    7 +++++++
 FS/FS/Conf.pm                |    7 +++++++
 2 files changed, 14 insertions(+), 0 deletions(-)

More information about the freeside-commits mailing list