Merge pull request #33453 from owncloud/stable10-newuserform-showpoli…

…cyerrors

[stable10] Display error message in new password form

settings/Controller/UsersController.php

@@ -656,12 +656,23 @@ public function setPassword($token, $userId, $password) {
 		try {
 			$this->checkPasswordSetToken($token, $userId);
 
-			if (!$user->setPassword($password)) {
+			try {
+				if (!$user->setPassword($password)) {
+					$this->log->error('The password can not be set for user: '. $userId);
+					return new JSONResponse(
+						[
+							'status' => 'error',
+							'message' => $this->l10n->t('Failed to set password. Please contact your administrator.', [$userId]),
+							'type' => 'passwordsetfailed'
+						], Http::STATUS_FORBIDDEN
+					);
+				}
+			} catch (\Exception $e) {
 				$this->log->error('The password can not be set for user: '. $userId);
 				return new JSONResponse(
 					[
 						'status' => 'error',
-						'message' => $this->l10n->t('Failed to set password. Please contact your administrator.', [$userId]),
+						'message' => $e->getMessage(),
 						'type' => 'passwordsetfailed'
 					], Http::STATUS_FORBIDDEN
 				);

settings/js/setpassword.js

@@ -27,11 +27,13 @@
 			var errorMessage;
 			errorMessage = responseObj.message;
 
-			if (errorMessage) {
-				errorObject.text(errorMessage);
-				errorObject.show();
-				$('#submit').prop('disabled', true);
+			if (!errorMessage) {
+				errorMessage = t('core', 'Failed to set password. Please contact your administrator.');
 			}
+
+			errorObject.text(errorMessage);
+			errorObject.show();
+			$('#submit').prop('disabled', false);
 		},
 
 		_resetDone : function(result){

settings/tests/js/setpasswordSpec.js

@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2018 Sujith Haridasan <[email protected]>
+ *
+ * This file is licensed under the Affero General Public License version 3
+ * or later.
+ *
+ * See the COPYING-README file.
+ *
+ */
+
+describe('OCA.UserManagement.SetPassword tests', function () {
+	var resultSpy, SetPassword, redirectURL;
+	beforeEach(function () {
+		$('#testArea').append(
+			'<label id="error-message" class="warning" style="display:none"></label>' +
+			'<form id="set-password" method="post">\n' +
+			'<fieldset>' +
+			'<p>' +
+			'<label for="password" class="infield">New password</label>' +
+			'<input type="password" name="password" id="password" value=""' +
+			'placeholder="New Password"' +
+			'autocomplete="off" autocapitalize="off" autocorrect="off"' +
+			'required autofocus />' +
+			'</p>' +
+			'<input type="submit" id="submit" value="Please set your password"' +
+			'</fieldset>' +
+			'</form>'
+		);
+	});
+
+	describe('set newpassword', function () {
+		beforeEach(function () {
+			SetPassword = OCA.UserManagement.SetPassword;
+			redirectURL = sinon.stub(OC, 'redirect');
+		});
+		afterEach(function () {
+			resultSpy.restore();
+			redirectURL.restore();
+		});
+
+		it('set password failed', function () {
+			resultSpy = sinon.spy(SetPassword, '_onSetPasswordFail');
+			var defr = $.Deferred();
+			defr.reject({'responseText' : '{"foo":"bar", "message": false}'});
+
+			spyOn($, 'post').and.returnValue(defr.promise());
+
+			SetPassword.init();
+			$('#password').val('foo');
+			$('#submit').click();
+
+			expect(resultSpy.calledOnce).toEqual(true);
+			expect($('#submit').prop('disabled')).toEqual(false);
+			expect($('#error-message').text()).toEqual('Failed to set password. Please contact your administrator.');
+		});
+
+		it('set password success', function () {
+			resultSpy = sinon.spy(SetPassword, '_resetDone');
+			var defr = $.Deferred();
+			defr.resolve({'status' : 'success'});
+
+			spyOn($, 'post').and.returnValue(defr.done());
+
+			SetPassword.init();
+			$('#password').val('foo');
+			$('#submit').click();
+
+			expect(resultSpy.calledOnce).toEqual(true);
+			expect(redirectURL.calledOnce).toEqual(true);
+			expect(redirectURL.getCall(0).args[0]).toContain('/owncloud');
+		});
+	});
+});

tests/Settings/Controller/UsersControllerTest.php

@@ -3053,6 +3053,43 @@ public function testSetPasswordInvalidTokenExcception() {
 		), $result);
 	}
 
+	public function testSetPasswordPolicyException() {
+		$user = $this->createMock(IUser::class);
+		$user->method('setPassword')
+			->willThrowException(new \Exception('Can not set user password, because password does not comply with policy.'));
+		$this->container['UserManager']->method('get')
+			->with('foo')
+			->willReturn($user);
+
+		$this->container['Config']
+			->expects($this->once())
+			->method('getUserValue')
+			->willReturn('1234:fooBaZ1');
+		$this->container['Config']
+			->expects($this->once())
+			->method('getAppValue')
+			->willReturn('43200');
+
+		$this->container['TimeFactory']
+			->expects($this->once())
+			->method('getTime')
+			->willReturn(44430);
+		$this->container['Logger']
+		->expects($this->once())
+			->method('error')
+			->with('The password can not be set for user: foo');
+
+		$expectedResult = new Http\JSONResponse(
+			[
+				'status' => 'error',
+				'message' => 'Can not set user password, because password does not comply with policy.',
+				'type' => 'passwordsetfailed',
+			], Http::STATUS_FORBIDDEN
+		);
+		$result = $this->container['UsersController']->setPassword('fooBaZ1', 'foo', '123');
+		$this->assertEquals($expectedResult, $result);
+	}
+
 	public function testSetPasswordExpiredTokenException() {
 		$user = $this->createMock(IUser::class);
 

tests/karma.config.js

@@ -111,11 +111,13 @@ module.exports = function(config) {
 				name: 'settings',
 				srcFiles: [
 					'settings/js/users/deleteHandler.js',
-					'settings/js/admin-apps.js'
+					'settings/js/admin-apps.js',
+					'settings/js/setpassword.js'
 				],
 				testFiles: [
 					'settings/tests/js/users/deleteHandlerSpec.js',
-					'settings/tests/js/apps/appSettingsSpec.js'
+					'settings/tests/js/apps/appSettingsSpec.js',
+					'settings/tests/js/setpasswordSpec.js'
 				]
 			}
 		];