make user enter current password when modifying password

pkg/api/users.go

@@ -131,8 +131,16 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (interface{}, *errs
 		userUpdateReq.Email = ""
 	}
 
-	if userUpdateReq.Password != "" && !a.users.IsPasswordEqualsUserPassword(userUpdateReq.Password, user) {
+	if userUpdateReq.Password != "" {
-		anythingUpdate = true
+		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
+			return nil, errs.ErrUserPasswordWrong
+		}
+
+		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.Password, user) {
+			anythingUpdate = true
+		} else {
+			userUpdateReq.Password = ""
+		}
 	} else {
 		userUpdateReq.Password = ""
 	}

pkg/models/user.go

@@ -39,9 +39,10 @@ type UserRegisterRequest struct {
 }
 
 type UserProfileUpdateRequest struct {
-	Email    string `json:"email" binding:"omitempty,notBlank,max=100,validEmail"`
+	Email       string `json:"email" binding:"omitempty,notBlank,max=100,validEmail"`
-	Nickname string `json:"nickname" binding:"omitempty,notBlank,max=64"`
+	Nickname    string `json:"nickname" binding:"omitempty,notBlank,max=64"`
-	Password string `json:"password" binding:"omitempty,min=6,max=128"`
+	Password    string `json:"password" binding:"omitempty,min=6,max=128"`
+	OldPassword string `json:"oldPassword" binding:"omitempty,min=6,max=128"`
 }
 
 type UserProfileResponse struct {

src/lib/services.js

@@ -127,11 +127,12 @@ export default {
     getProfile: () => {
         return axios.get('v1/users/profile/get.json');
     },
-    updateProfile: ({ email, nickname, password }) => {
+    updateProfile: ({ email, nickname, password, oldPassword }) => {
         return axios.post('v1/users/profile/update.json', {
             email,
             nickname,
-            password
+            password,
+            oldPassword
         });
     },
 };

src/locales/en.js

@@ -48,6 +48,7 @@ export default {
         'password': 'Password',
         'email': 'Email',
         'nickname': 'Nickname',
+        'oldPassword': 'Current Password',
     },
     'parameterizedError': {
         'parameter invalid': '{parameter} is invalid',
@@ -64,6 +65,7 @@ export default {
     'Close': 'Close',
     'Update': 'Update',
     'Done': 'Done',
+    'Continue': 'Continue',
     'Version': 'Version',
     'User': 'User',
     'Application': 'Application',
@@ -113,6 +115,8 @@ export default {
     'Unable to sign up': 'Unable to sign up',
     'User registration is disabled': 'User registration is disabled',
     'Unable to get user profile': 'Unable to get user profile',
+    'Current Password': 'Current Password',
+    'Please enter your current password when modifying your password': 'Please enter your current password when modifying your password',
     'Nothing has been modified': 'Nothing has been modified',
     'Your profile has been successfully updated': 'Your profile has been successfully updated',
     'Unable to update user profile': 'Unable to update user profile',

src/locales/zh_Hans.js

@@ -48,6 +48,7 @@ export default {
         'password': '密码',
         'email': '电子邮箱',
         'nickname': '昵称',
+        'oldPassword': '当前密码',
     },
     'parameterizedError': {
         'parameter invalid': '{parameter}无效',
@@ -64,6 +65,7 @@ export default {
     'Close': '关闭',
     'Update': '更新',
     'Done': '完成',
+    'Continue': '继续',
     'Version': '版本',
     'User': '用户',
     'Application': '应用',
@@ -113,6 +115,8 @@ export default {
     'Unable to sign up': '无法注册',
     'User registration is disabled': '用户注册已禁用',
     'Unable to get user profile': '无法获取用户信息',
+    'Current Password': '当前密码',
+    'Please enter your current password when modifying your password': '修改密码时请输入您的当前密码',
     'Nothing has been modified': '没有修改的项目',
     'Your profile has been successfully updated': '您的用户信息更新成功',
     'Unable to update user profile': '无法更新用户信息',

src/views/mobile/users/UserProfile.vue

@@ -42,6 +42,32 @@
         </f7-list>
 
         <f7-button large fill :class="{ 'disabled': inputIsNotChanged }" :text="$t('Update')" @click="update"></f7-button>
+
+        <f7-sheet
+            style="height:auto; --f7-sheet-bg-color: #fff;"
+            backdrop
+            :opened="showInputPasswordSheet" @sheet:closed="showInputPasswordSheet = false"
+        >
+            <div class="sheet-modal-swipe-step">
+                <div class="display-flex padding justify-content-space-between align-items-center">
+                    <div style="font-size: 18px"><b v-t="'Current Password'"></b></div>
+                </div>
+                <div class="padding-horizontal padding-bottom">
+                    <p class="input-password-tips">{{ $t('Please enter your current password when modifying your password') }}</p>
+                    <f7-list no-hairlines class="input-password-form">
+                        <f7-list-input
+                            type="password"
+                            outline
+                            clear-button
+                            :placeholder="$t('Password')"
+                            :value="currentPassword"
+                            @input="currentPassword = $event.target.value"
+                        ></f7-list-input>
+                    </f7-list>
+                    <f7-button large fill :class="{ 'disabled': !currentPassword }" :text="$t('Continue')" @click="update"></f7-button>
+                </div>
+            </div>
+        </f7-sheet>
     </f7-page>
 </template>
 
@@ -49,12 +75,14 @@
 export default {
     data() {
         return {
+            currentPassword: '',
             password: '',
             confirmPassword: '',
             oldEmail: '',
             email: '',
             oldNickname: '',
-            nickname: ''
+            nickname: '',
+            showInputPasswordSheet: false
         };
     },
     computed: {
@@ -128,6 +156,8 @@ export default {
             const app = self.$f7;
             const router = self.$f7router;
 
+            self.showInputPasswordSheet = false;
+
             let problemMessage = self.inputIsNotChangedProblemMessage || self.inputInvalidProblemMessage;
 
             if (problemMessage) {
@@ -135,6 +165,11 @@ export default {
                 return;
             }
 
+            if (self.password && !self.currentPassword) {
+                self.showInputPasswordSheet = true;
+                return;
+            }
+
             let hasResponse = false;
 
             setTimeout(() => {
@@ -145,11 +180,14 @@ export default {
 
             self.$services.updateProfile({
                 password: self.password,
+                oldPassword: self.currentPassword,
                 email: self.email,
                 nickname: self.nickname
             }).then(response => {
                 hasResponse = true;
                 app.preloader.hide();
+                self.currentPassword = '';
+
                 const data = response.data;
 
                 if (!data || !data.success || !data.result) {
@@ -170,6 +208,7 @@ export default {
             }).catch(error => {
                 hasResponse = true;
                 app.preloader.hide();
+                self.currentPassword = '';
 
                 if (error.response && error.response.data && error.response.data.errorMessage) {
                     self.$alert({ error: error.response.data });
@@ -181,3 +220,14 @@ export default {
     }
 };
 </script>
+
+<style scoped>
+.input-password-tips {
+    margin-top: 0;
+}
+
+.input-password-form {
+    margin-top: 0;
+    margin-bottom: 10px;
+}
+</style>