diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch new file mode 100644 index 000000000..313ba9387 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch @@ -0,0 +1,135 @@ +From 9da7bafdcee1bd022b7e47eecf704eb799b389e8 Mon Sep 17 00:00:00 2001 +From: Yaswanth Reddy M <yaswanthx.reddy.munukuru@intel.com> +Date: Wed, 17 May 2023 10:47:56 +0000 +Subject: [PATCH] Old password input in change password screen + +When the user changed their password in profile settings, to prevent +XSS attacks, I added the current password input field to authenticate +the user. + +Once the authentication had success with the current password, then +allowing the update was possible. After the password is changed +successfully, all the sessions of the user who changed the password +will be disconnected, including the current session. and the current +session will navigate to the login page. + +Signed-off-by: Yaswanth Reddy M <yaswanthx.reddy.munukuru@intel.com> +--- + src/locales/en-US.json | 4 +- + src/views/ProfileSettings/ProfileSettings.vue | 54 +++++++++++++++++-- + 2 files changed, 53 insertions(+), 5 deletions(-) + +diff --git a/src/locales/en-US.json b/src/locales/en-US.json +index 637f052..8d98abb 100644 +--- a/src/locales/en-US.json ++++ b/src/locales/en-US.json +@@ -617,6 +617,7 @@ + "confirmPassword": "Confirm new password", + "defaultUTC": "Default (UTC)", + "newPassword": "New password", ++ "currentPassword": "Current password", + "newPassLabelTextInfo": "Password must be between %{min} - %{max} characters", + "passwordsDoNotMatch": "Passwords do not match", + "profileInfoTitle": "Profile information", +@@ -625,7 +626,8 @@ + "timezoneDisplayDesc": "Select how time is displayed throughout the application", + "username": "Username", + "toast": { +- "successSaveSettings": "Successfully saved account settings." ++ "successSaveSettings": "Successfully saved account settings.", ++ "wrongCredentials": "Wrong credentials" + } + }, + "pageNetwork": { +diff --git a/src/views/ProfileSettings/ProfileSettings.vue b/src/views/ProfileSettings/ProfileSettings.vue +index 35fc800..330fd4a 100644 +--- a/src/views/ProfileSettings/ProfileSettings.vue ++++ b/src/views/ProfileSettings/ProfileSettings.vue +@@ -23,6 +23,21 @@ + <page-section + :section-title="$t('pageProfileSettings.changePassword')" + > ++ <b-form-group ++ id="input-group-0" ++ :label="$t('pageProfileSettings.currentPassword')" ++ label-for="input-0" ++ > ++ <input-password-toggle> ++ <b-form-input ++ id="old-password" ++ v-model="form.currentPassword" ++ type="password" ++ data-test-id="profileSettings-input-ocurrentPassword" ++ class="form-control-with-button" ++ /> ++ </input-password-toggle> ++ </b-form-group> + <b-form-group + id="input-group-1" + :label="$t('pageProfileSettings.newPassword')" +@@ -151,6 +166,7 @@ export default { + form: { + newPassword: '', + confirmPassword: '', ++ currentPassword: '', + isUtcDisplay: this.$store.getters['global/isUtcDisplay'], + }, + }; +@@ -198,9 +214,12 @@ export default { + this.$store + .dispatch('userManagement/updateUser', userData) + .then((message) => { +- (this.form.newPassword = ''), (this.form.confirmPassword = ''); ++ (this.form.newPassword = ''), ++ (this.form.confirmPassword = ''), ++ (this.form.currentPassword = ''); + this.$v.$reset(); + this.successToast(message); ++ this.$store.dispatch('authentication/logout'); + }) + .catch(({ message }) => this.errorToast(message)); + }, +@@ -212,10 +231,37 @@ export default { + ); + }, + submitForm() { +- if (this.form.confirmPassword || this.form.newPassword) { +- this.saveNewPasswordInputData(); ++ if ( ++ this.form.confirmPassword && ++ this.form.newPassword && ++ this.form.currentPassword ++ ) { ++ this.confirmAuthenticate(); + } +- this.saveTimeZonePrefrenceData(); ++ if ( ++ this.$store.getters['global/isUtcDisplay'] != this.form.isUtcDisplay ++ ) { ++ this.saveTimeZonePrefrenceData(); ++ } ++ }, ++ confirmAuthenticate() { ++ this.$v.form.newPassword.$touch(); ++ if (this.$v.$invalid) return; ++ ++ const username = this.username; ++ const password = this.form.currentPassword; ++ ++ this.$store ++ .dispatch('authentication/login', { username, password }) ++ .then(() => { ++ this.saveNewPasswordInputData(); ++ }) ++ .catch(() => { ++ this.$v.$reset(); ++ this.errorToast( ++ this.$t('pageProfileSettings.toast.wrongCredentials') ++ ); ++ }); + }, + }, + }; +-- +2.25.1 + |