authorIvan Kohler <ivan@freeside.biz>2014-05-07 02:05:39 -0700
committerIvan Kohler <ivan@freeside.biz>2014-05-07 02:05:39 -0700
commit204902c9dd654a2bc0e7400b057bcd8c4a60ab54 (patch)
treeac8023c55cfd233d6fe6295cb9cb456dcebc11ca
parentdfc390ed3e27de2f1ec26edf9c07f5d3bd8a6049 (diff)
check old_password if passed to self-service API, require with config setting, RT#29015
-rw-r--r--FS/FS/ClientAPI/MyAccount.pm7
-rw-r--r--FS/FS/Conf.pm7
2 files changed, 14 insertions, 0 deletions
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 5b590da2b..47f3bd88e 100644
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -2856,6 +2856,13 @@ sub myaccount_passwd {
my $error = '';
my $conf = new FS::Conf;
+
+ return { 'error' => 'Incorrect current password.' }
+ if ( exists($p->{'old_password'})
+ || $conf->exists('selfservice-password_change_oldpass')
+ )
+ && ! $svc_acct->check_password($p->{'old_password'});
+
$error = 'Password too short.'
if length($p->{'new_password'}) < ($conf->config('passwordmin') || 6);
$error = 'Password too long.'
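Review bot: With `selfservice-password_change_oldpass` set and no `old_password` key in `$p`, the added guard calls `$svc_acct->check_password(undef)`, so whether the request is rejected depends on how check_password (not visible in this hunk) treats an undefined or empty value. Fail closed before the comparison by ending the condition with `&& ! ( defined($p->{'old_password'}) && length($p->{'old_password'}) && $svc_acct->check_password($p->{'old_password'}) );`. Nothing in the visible lines logs or limits failed attempts, and myaccount_passwd continues outside the hunk, so this may be handled elsewhere; if it is not, an already-authenticated session can keep retrying guesses of the current password through this call, and a log entry on the failure path would give monitoring something to alert on.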
diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index 751a95966..adf5c867b 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -2869,6 +2869,13 @@ and customer address. Include units.',
},
{
+ 'key' => 'selfservice-password_change_oldpass',
+ 'section' => 'self-service',
+ 'description' => 'Require old password to be entered again for password changes (in addition to being logged in), at the API level.',
+ 'type' => 'checkbox',
+ },
+
+ {
'key' => 'selfservice-hide_invoices-taxclass',
'section' => 'self-service',
'description' => 'Hide invoices with only this package tax class from self-service and supress sending (emailing, printing, faxing) them. Typically set to something like "Previous balance" and used when importing legacy invoices into legacy_cust_bill.',
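Review bot: The new option's description does not say what happens when the box is left unchecked: per the MyAccount.pm hunk, the old password is then verified only if the client sends `old_password`, so a client that omits it changes the password on the session alone. Spell that out so an administrator knows the unchecked state is not an enforced check, for example `'description' => 'Require the current password for self-service password changes at the API level. When unchecked, the current password is verified only if the client supplies it.',`.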