Fixed to require the user to input the password when changing the log in ID, since the HTTP digest authentication requires both the log in ID and the password to create and store the new hash in the Mia core application.

2020-08-11 21:46:40 +08:00 · 2020-08-11 21:46:40 +08:00 · 990a5686d9
commit 990a5686d9
parent 7ecc570cf4
4 changed files with 85 additions and 25 deletions
--- a/mia_core/forms.py
+++ b/mia_core/forms.py
@ -62,7 +62,8 @@ class UserForm(forms.Form):
        """
        errors = []
        validators = [self._validate_login_id_unique,
-                      self._validate_password_required,
+                      self._validate_password_new_required,
+                      self._validate_password_login_id_changed_required,
                      self._validate_password2_required,
                      self._validate_passwords_equal,
                      self._validate_is_disabled_not_oneself]
@ -92,7 +93,7 @@ class UserForm(forms.Form):
        self.add_error("login_id", error)
        raise error

-    def _validate_password_required(self):
+    def _validate_password_new_required(self):
        """Validates whether the password is entered for newly-created users.

        Raises:
@ -107,6 +108,27 @@ class UserForm(forms.Form):
        self.add_error("password", error)
        raise error

+    def _validate_password_login_id_changed_required(self):
+        """Validates whether the password is entered for users whose login ID
+        changed.
+
+        Raises:
+            forms.ValidationError: When the validation fails.
+        """
+        if self.user is None:
+            return
+        if "login_id" not in self.data:
+            return
+        if self.data["login_id"] == self.user.login_id:
+            return
+        if "password" in self.data:
+            return
+        error = forms.ValidationError(
+            _("Please fill in the password to change the log in ID."),
+            code="password_required")
+        self.add_error("password", error)
+        raise error
+
    def _validate_password2_required(self):
        """Validates whether the second password is entered.

--- a/mia_core/locale/zh_Hant/LC_MESSAGES/django.po
+++ b/mia_core/locale/zh_Hant/LC_MESSAGES/django.po
@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: mia-core 3.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-08-10 02:42+0800\n"
-"PO-Revision-Date: 2020-08-11 10:14+0800\n"
+"POT-Creation-Date: 2020-08-11 21:41+0800\n"
+"PO-Revision-Date: 2020-08-11 21:44+0800\n"
 "Last-Translator: imacat <imacat@mail.imacat.idv.tw>\n"
 "Language-Team: Traditional Chinese <imacat@mail.imacat.idv.tw>\n"
 "Language: Traditional Chinese\n"
@ -36,23 +36,27 @@ msgstr "請填寫姓名。"
 msgid "This name is too long (max 32 characters)."
 msgstr "姓名太長了（最長32個字）。"

-#: mia_core/forms.py:90
+#: mia_core/forms.py:91
 msgid "This log in ID is already in use."
 msgstr "登入帳號和其他人重複。"

-#: mia_core/forms.py:105
+#: mia_core/forms.py:106
 msgid "Please fill in the password."
 msgstr "請填寫密碼。"

-#: mia_core/forms.py:121
+#: mia_core/forms.py:127
+msgid "Please fill in the password to change the log in ID."
+msgstr "變更登入帳號時，請填寫密碼。"
+
+#: mia_core/forms.py:143
 msgid "Please enter the password again to verify it."
 msgstr "請再次確認密碼。"

-#: mia_core/forms.py:138
+#: mia_core/forms.py:160
 msgid "The two passwords do not match."
 msgstr "兩次密碼不符，請重新輸入。"

-#: mia_core/forms.py:158 mia_core/templates/mia_core/user_form.html:85
+#: mia_core/forms.py:180 mia_core/templates/mia_core/user_form.html:85
 msgid "You cannot disable your own account."
 msgstr "不能停用自己的帳號。"

--- a/mia_core/locale/zh_Hant/LC_MESSAGES/djangojs.po
+++ b/mia_core/locale/zh_Hant/LC_MESSAGES/djangojs.po
@ -7,8 +7,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: mia-core-js 3.0\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-08-09 21:54+0800\n"
-"PO-Revision-Date: 2020-08-11 10:14+0800\n"
+"POT-Creation-Date: 2020-08-11 21:42+0800\n"
+"PO-Revision-Date: 2020-08-11 21:44+0800\n"
 "Last-Translator: imacat <imacat@mail.imacat.idv.tw>\n"
 "Language-Team: Traditional Chinese <imacat@mail.imacat.idv.tw>\n"
 "Language: Traditional Chinese\n"
@ -17,30 +17,34 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=1; plural=0;\n"

-#: mia_core/static/mia_core/js/user-form.js:129
+#: mia_core/static/mia_core/js/user-form.js:154
 msgid "Please fill in the log in ID."
 msgstr "請填寫登入帳號。"

-#: mia_core/static/mia_core/js/user-form.js:134
+#: mia_core/static/mia_core/js/user-form.js:159
 msgid "You cannot use slash (/) in the log in ID."
 msgstr "登入帳號不可以包含斜線 (/) 。"

-#: mia_core/static/mia_core/js/user-form.js:154
+#: mia_core/static/mia_core/js/user-form.js:179
 msgid "This log in ID is already in use."
 msgstr "登入帳號和其他人重複。"

-#: mia_core/static/mia_core/js/user-form.js:177
+#: mia_core/static/mia_core/js/user-form.js:204
+msgid "Please fill in the password to change the log in ID."
+msgstr "變更登入帳號時，請填寫密碼。"
+
+#: mia_core/static/mia_core/js/user-form.js:206
 msgid "Please fill in the password."
 msgstr "請填寫密碼。"

-#: mia_core/static/mia_core/js/user-form.js:201
+#: mia_core/static/mia_core/js/user-form.js:231
 msgid "Please enter the password again to verify it."
 msgstr "請再次確認密碼。"

-#: mia_core/static/mia_core/js/user-form.js:207
+#: mia_core/static/mia_core/js/user-form.js:237
 msgid "The two passwords do not match."
 msgstr "兩次密碼不符，請重新輸入。"

-#: mia_core/static/mia_core/js/user-form.js:228
+#: mia_core/static/mia_core/js/user-form.js:258
 msgid "Please fill in the name."
 msgstr "請填寫姓名。"
--- a/mia_core/static/mia_core/js/user-form.js
+++ b/mia_core/static/mia_core/js/user-form.js
@ -23,23 +23,48 @@

 // Initializes the page JavaScript.
 $(function () {
-    $("#user-login-id").on("blur", function () {
+    $("#user-login-id")
+        .on("blur", function () {
        validateLoginId();
-    });
-    $("#user-password").on("blur", function () {
+        updatePasswordRequirement();
+    })
+    $("#user-password")
+        .on("blur", function () {
        validatePassword();
    });
-    $("#user-password2").on("blur", function () {
+    $("#user-password2")
+        .on("blur", function () {
        validatePassword2();
    });
-    $("#user-name").on("blur", function () {
+    $("#user-name")
+        .on("blur", function () {
        validateName();
    });
-    $("#user-form").on("submit", function () {
+    $("#user-form")
+        .on("submit", function () {
        return validateForm();
    });
 });

+/**
+ * Updates the password required when the log in ID is changed.
+ *
+ * The HTTP digest authentication requires both the log in ID and the
+ * password to compose and store the hash.  When the log in ID is
+ * changed, we will also need the password in order to update the
+ * hash.
+ *
+ * @private
+ */
+function updatePasswordRequirement() {
+    const originalId = $("#user-login-id-original").val();
+    if (originalId === "") {
+        return;
+    }
+    $("#user-password")[0].required = ($("#user-login-id").val() !== originalId);
+    validatePassword();
+}
+

 /*******************
 * Form Validation *
@ -174,7 +199,12 @@ async function validatePassword() {
    if (password.required) {
        if (password.value === "") {
            password.classList.add("is-invalid");
-            errorMessage.text(gettext("Please fill in the password."));
+            const originalId = $("#user-login-id-original").val();
+            if (originalId === "" || $("#user-login-id").val() !== originalId) {
+                errorMessage.text(gettext("Please fill in the password to change the log in ID."));
+            } else {
+                errorMessage.text(gettext("Please fill in the password."));
+            }
            return false;
        }
    }