Users
======================
-->
+
+ <record id="view_change_user_password_form" model="ir.ui.view">
+ <field name="name">change.user.password</field>
+ <field name="model">change.user.password</field>
+ <field name="type">form</field>
+ <field name="arch" type="xml">
+ <form string="Change Password">
- <field name="current_password" password="True" readonly="0" colspan="4"/>
- <field name="new_password" password="True" readonly="0" colspan="4"/>
- <field name="confirm_password" password="True" readonly="0" colspan="4"/>
++ <field name="current_password" password="True" readonly="0" colspan="4"/>
++ <field name="new_password" password="True" readonly="0" colspan="4"/>
++ <field name="confirm_password" password="True" readonly="0" colspan="4"/>
++ <label colspan="1" string=""/>
++ <label colspan="3" string="You must logout and login again after changing your password."/>
+ <separator colspan="4" />
+ <label align="0.0" colspan="2" string=""/>
+ <button colspan="1" icon="gtk-cancel" special="cancel" string="Cancel"/>
- <button colspan="1" icon="gtk-execute" name="change_password" string="Change" type="object"/>
++ <button colspan="1" icon="gtk-ok" name="change_password" string="Change" type="object"/>
+ </form>
+ </field>
+ </record>
+
+ <record id="action_view_change_password_form" model="ir.actions.act_window">
+ <field name="name">Change Password</field>
+ <field name="type">ir.actions.act_window</field>
+ <field name="res_model">change.user.password</field>
+ <field name="view_type">form</field>
+ <field name="view_mode">form</field>
+ <field name="target">new</field>
+ </record>
+
<record id="view_users_form_simple_modif" model="ir.ui.view">
<field name="name">res.users.form.modif</field>
<field name="model">res.users</field>
<newline/>
</page>
<page string="Preferences">
- <field name="password" password="True" readonly="0" />
<field name="context_lang" completion="1" readonly="0"/>
- <label string="" colspan="1"/>
- <label colspan="3" string="You must logout and login again after changing your password."/>
<field name="context_tz" completion="1" readonly="0"/>
- <label string="" colspan="1"/>
- <label colspan="3" string="You must logout and login again after changing your password."/>
<field name="menu_tips" colspan="2" readonly="0"/>
+ <label string="" colspan="1"/>
+ <button name="%(action_view_change_password_form)d" string="Change Password" type="action" icon="gtk-execute"/>
<separator string="Email & Signature" colspan="4"/>
<group colspan="4"><field name="user_email" widget="email" readonly="0"/></group>
<field colspan="4" name="signature" readonly="0" nolabel="1"/>
res_config_view()
+ class change_user_password(osv.osv_memory):
+ _name = 'change.user.password'
+ _columns = {
+ 'current_password':fields.char('Current Password', size=64, required=True, help="Enter your current password."),
- 'new_password': fields.char('New Password', size=64, required=True, help="Enter new password."),
- 'confirm_password': fields.char('Confirm Password', size=64, required=True, help="Enter new password again for confirmation."),
++ 'new_password': fields.char('New Password', size=64, required=True, help="Enter the new password."),
++ 'confirm_password': fields.char('Confirm Password', size=64, required=True, help="Enter the new password again for confirmation."),
+ }
+ _defaults={
+ 'current_password' : '',
+ 'new_password' : '',
+ 'confirm_password' : '',
+ }
+
+ def change_password(self, cr, uid, ids, context=None):
- user_obj = self.pool.get('res.users')
- if ids:
- current_password = user_obj.browse(cr, uid, uid, context).password
- password_rec = self.browse(cr, uid, ids[0], context)
++ for form_id in ids:
++ password_rec = self.browse(cr, uid, form_id, context)
+ if password_rec.new_password != password_rec.confirm_password:
- raise osv.except_osv(_('Warning !'), _('New password and confirm password does not match !'))
- elif current_password != password_rec.current_password:
- raise osv.except_osv(_('Warning !'), _('Current password does not match !'))
- else:
- user_obj.write(cr, uid, [uid], {'password': password_rec.new_password}, context)
++ raise osv.except_osv(_('Error !'), _('The new and confirmation passwords do not match, please double-check them.'))
++
++ # Validate current password without reading it from database,
++ # as it could be stored differently (LDAP, encrypted/hashed, etc.)
++ is_correct_password = False
++ try:
++ user_obj = self.pool.get('res.users')
++ is_correct_password = user_obj.check(cr.dbname, uid, password_rec.current_password)
++ except Exception:
++ pass
++ if not is_correct_password:
++ raise osv.except_osv(_('Error !'), _('The current password does not match, please double-check it.'))
++ user_obj.write(cr, uid, [uid], {'password': password_rec.new_password}, context=context)
+ return {}
+
+ change_user_password()
+
# vim:expandtab:smartindent:tabstop=4:softtabstop=4:shiftwidth=4: