Do not request password till newPassword and newRePassword are valid

2024-07-01 04:33:33 +05:30 · 2016-05-02 13:11:10 +03:00 · 2016-05-02 13:11:10 +03:00 · 75a0811488
commit 75a0811488
parent 479f633d3f
2 changed files with 14 additions and 1 deletions
--- a/api/models/ChangePasswordForm.php
+++ b/api/models/ChangePasswordForm.php
@ -34,7 +34,7 @@ class ChangePasswordForm extends PasswordProtectedForm {
    }

    public function validatePasswordAndRePasswordMatch($attribute) {
-        if (!$this->hasErrors()) {
+        if (!$this->hasErrors($attribute)) {
            if ($this->newPassword !== $this->newRePassword) {
                $this->addError($attribute, 'error.newRePassword_does_not_match');
            }
--- a/tests/codeception/api/unit/models/ChangePasswordFormTest.php
+++ b/tests/codeception/api/unit/models/ChangePasswordFormTest.php
@ -47,6 +47,19 @@ class ChangePasswordFormTest extends DbTestCase {
            $model->validatePasswordAndRePasswordMatch('newRePassword');
            expect($model->getErrors('newRePassword'))->isEmpty();
        });
+
+        $this->specify('error.newRePassword_does_not_match expected even if there are errors on other attributes', function() {
+            // this is very important, because password change flow may be combined of two steps
+            // therefore we need to validate password sameness before we will validate current account password
+            $account = new Account();
+            $account->setPassword('12345678');
+            $model = new ChangePasswordForm($account, [
+                'newPassword' => 'my-new-password',
+                'newRePassword' => 'another-password',
+            ]);
+            $model->validate();
+            expect($model->getErrors('newRePassword'))->equals(['error.newRePassword_does_not_match']);
+        });
    }

    public function testChangePassword() {