From 498ac77e54541177be27b0c710e387c47b3836ea Mon Sep 17 00:00:00 2001
From: JiaJia Ji
Date: Tue, 26 Sep 2023 09:37:41 +0200
Subject: [PATCH] [Improvement]: Check if new password is NOT the same as the old one when resetting (#285)

* add check that new passoword is different than old one
* refactor empty old password check
* add CHANGELOG
* Update CHANGELOG.md
---------
Co-authored-by: Divesh Pahuja
---
 CHANGELOG.md | 1 +
 src/Controller/Admin/UserController.php | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 01dc897135..f1cf8433e4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 #### v1.2.0
 - DataObject used to automatically reload version after save, but now it's triggered only on successfull save. The reload can be forced by setting `forceReloadVersionsAfterSave` to `true` in a `postSaveObject` event listener.
+ - [User -> Settings] When resetting password, setting the new password same as the old one would throw an error.
 
 #### v1.1.0
 - `Pimcore\Bundle\AdminBundle\Service\ElementService` is marked as internal.
diff --git a/src/Controller/Admin/UserController.php b/src/Controller/Admin/UserController.php
index 4a1b242b32..146ad85192 100644
--- a/src/Controller/Admin/UserController.php
+++ b/src/Controller/Admin/UserController.php
@@ -589,6 +589,11 @@ public function updateCurrentUserAction(Request $request, ValidatorInterface $va
         }
 
         if ($oldPasswordCheck && $values['new_password'] == $values['retype_password']) {
+
+            if (Tool\Authentication::verifyPassword($user, $values['new_password'])) {
+                throw new \Exception('The new password cannot be the same as the old one');
+            }
+
             $values['password'] = Tool\Authentication::getPasswordHash($user->getName(), $values['new_password']);
         } else {
             if (!$oldPasswordCheck) {
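Review bot: The same-password check in the UserController hunk throws a bare `\Exception` from inside a controller action, while the sibling `else` branch that handles a failed old-password check (`if (!$oldPasswordCheck) {`, continuing past the hunk) appears to report its failure without throwing, so a reused password presumably reaches the admin UI as an unhandled error rather than as the validation message the other branches produce. Consider reporting it through the same path the `!$oldPasswordCheck` branch uses, or at least a dedicated exception type the caller can map to a client-facing response, e.g. `throw new \InvalidArgumentException('The new password cannot be the same as the old one');`. A why-comment above the check would help the next reader, e.g. `// A reset must actually rotate the credential: reject a "new" password that verifies against the current hash.`. The two blank lines wrapping the new `if` (one directly after the enclosing `if`'s opening brace) are not PER-CS style and can be dropped. updateCurrentUserAction starts and ends outside the hunk.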