[Improvement]: Check if new password is NOT the same as the old one w…

…hen resetting (#285) * add check that new passoword is different than old one * refactor empty old password check * add CHANGELOG * Update CHANGELOG.md --------- Co-authored-by: Divesh Pahuja <divesh.pahuja@pimcore.com>
pimcore · Sep 26, 2023 · 498ac77 · 498ac77
1 parent 433f324
commit 498ac77
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 #### v1.2.0
  - DataObject used to automatically reload version after save, but now it's triggered only on successfull save. The reload can be forced by setting `forceReloadVersionsAfterSave` to `true` in a `postSaveObject` event listener.
+ - [User -> Settings] When resetting password, setting the new password same as the old one would throw an error.
 
 #### v1.1.0
  - `Pimcore\Bundle\AdminBundle\Service\ElementService` is marked as internal.

diff --git a/src/Controller/Admin/UserController.php b/src/Controller/Admin/UserController.php
@@ -589,6 +589,11 @@ public function updateCurrentUserAction(Request $request, ValidatorInterface $va
                     }
 
                     if ($oldPasswordCheck && $values['new_password'] == $values['retype_password']) {
+
+                        if (Tool\Authentication::verifyPassword($user, $values['new_password'])) {
+                            throw new \Exception('The new password cannot be the same as the old one');
+                        }
+
                         $values['password'] = Tool\Authentication::getPasswordHash($user->getName(), $values['new_password']);
                     } else {
                         if (!$oldPasswordCheck) {