author | Ivan Kohler <ivan@freeside.biz> | 2014-05-07 02:05:36 -0700 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2014-05-07 02:05:36 -0700 |
commit | 7ad62cea1758b8f2e4f0e0d4d8bab36a864b5938 (patch) | |
tree | eb96e45312afa302c0eec54564e738a4dfb539ed | |
parent | 028c83edfa000f6bdbcd32ee3ffd5ee5561110d2 (diff) |
check old_password if passed to self-service API, require with config setting, RT#29015
-rw-r--r-- | FS/FS/ClientAPI/MyAccount.pm | 7 | ||||
-rw-r--r-- | FS/FS/Conf.pm | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm index 30cddd901..e5078f960 100644 --- a/FS/FS/ClientAPI/MyAccount.pm +++ b/FS/FS/ClientAPI/MyAccount.pm @@ -2860,6 +2860,13 @@ sub myaccount_passwd { my $error = ''; my $conf = new FS::Conf; + + return { 'error' => 'Incorrect current password.' } + if ( exists($p->{'old_password'}) + || $conf->exists('selfservice-password_change_oldpass') + ) + && ! $svc_acct->check_password($p->{'old_password'}); + $error = 'Password too short.' if length($p->{'new_password'}) < ($conf->config('passwordmin') || 6); $error = 'Password too long.' diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm index f1893b7a4..08bd6a750 100644 --- a/FS/FS/Conf.pm +++ b/FS/FS/Conf.pm @@ -2869,6 +2869,13 @@ and customer address. Include units.', }, { + 'key' => 'selfservice-password_change_oldpass', + 'section' => 'self-service', + 'description' => 'Require old password to be entered again for password changes (in addition to being logged in), at the API level.', + 'type' => 'checkbox', + }, + + { 'key' => 'selfservice-hide_invoices-taxclass', 'section' => 'self-service', 'description' => 'Hide invoices with only this package tax class from self-service and supress sending (emailing, printing, faxing) them. Typically set to something like "Previous balance" and used when importing legacy invoices into legacy_cust_bill.', |
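Review bot: With `selfservice-password_change_oldpass` set and no `old_password` key in the request, the new guard in `myaccount_passwd` calls `$svc_acct->check_password(undef)`, so whether a missing value is rejected depends entirely on how `check_password` treats undef, which is not visible in this hunk. An explicit presence check ahead of the comparison would make the requirement independent of that helper: `return { 'error' => 'Current password required.' } if $conf->exists('selfservice-password_change_oldpass') && ! ( defined($p->{'old_password'}) && length($p->{'old_password'}) );`. The early return also leaves no record of a failed current-password check; if the module has a logging convention, a failed attempt here is worth recording for detection. `myaccount_passwd` begins and continues outside the hunk, so `$p` and `$svc_acct` are assumed to be set up by the preceding lines.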
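Review bot: The `description` of the new `selfservice-password_change_oldpass` entry in Conf.pm does not say what happens when the box is left unchecked. Going by the MyAccount.pm hunk in this commit, `old_password` is still verified when a client sends it, but a client that omits it can change the password with the session alone. I would spell that out so operators understand the default, e.g. `'description' => 'Require the current password for self-service password changes at the API level (in addition to being logged in). When unset, the current password is only checked if the client supplies it.',`.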