From 19273a993c37a4f989faf326df03b9f396a5f1a5 Mon Sep 17 00:00:00 2001 From: Scott Jackson Date: Tue, 9 Feb 2016 17:23:33 -0800 Subject: Add requirement for current user password when changing as non-admin --- .../github/daneren2005/dsub/util/UserUtil.java | 31 +++++++++++++++------- app/src/main/res/layout/change_password.xml | 25 ++++++++++++++++- app/src/main/res/values/strings.xml | 1 + 3 files changed, 47 insertions(+), 10 deletions(-) (limited to 'app/src/main') diff --git a/app/src/main/java/github/daneren2005/dsub/util/UserUtil.java b/app/src/main/java/github/daneren2005/dsub/util/UserUtil.java index 3f16de21..a83e0935 100644 --- a/app/src/main/java/github/daneren2005/dsub/util/UserUtil.java +++ b/app/src/main/java/github/daneren2005/dsub/util/UserUtil.java @@ -29,8 +29,6 @@ import android.view.MenuInflater; import android.view.MenuItem; import android.view.View; import android.view.WindowManager; -import android.widget.ArrayAdapter; -import android.widget.ListView; import android.widget.TextView; import github.daneren2005.dsub.R; @@ -175,12 +173,7 @@ public final class UserUtil { .setPositiveButton(R.string.common_ok, new DialogInterface.OnClickListener() { @Override public void onClick(DialogInterface dialog, int id) { - String password = passwordView.getText().toString(); - - SharedPreferences prefs = Util.getPreferences(context); - String correctPassword = prefs.getString(Constants.PREFERENCES_KEY_PASSWORD + Util.getActiveServer(context), null); - - if(password != null && password.equals(correctPassword)) { + if(isPasswordCorrect(context, passwordView)) { lastVerifiedTime = currentTime; onSuccess.run(); } else { 
@@ -199,8 +192,14 @@ public final class UserUtil { public static void changePassword(final Activity context, final User user) { View layout = context.getLayoutInflater().inflate(R.layout.change_password, null); + View currentPasswordLayout = layout.findViewById(R.id.current_password_layout); + final TextView currentPasswordView = (TextView) layout.findViewById(R.id.current_password); final TextView passwordView = (TextView) layout.findViewById(R.id.new_password); + if(isCurrentAdmin()) { + currentPasswordLayout.setVisibility(View.GONE); + } + AlertDialog.Builder builder = new AlertDialog.Builder(context); builder.setTitle(R.string.admin_change_password) .setView(layout) @@ -215,8 +214,12 @@ public final class UserUtil { @Override public void onClick(View v) { final String password = passwordView.getText().toString(); + if(!isCurrentAdmin() && !isPasswordCorrect(context, currentPasswordView)) { + Util.toast(context, R.string.admin_confirm_password_bad); + return; + } // Don't allow blank passwords - if ("".equals(password)) { + else if ("".equals(password)) { Util.toast(context, R.string.admin_change_password_invalid); return; } @@ -252,6 +255,16 @@ public final class UserUtil { }); } + private static boolean isPasswordCorrect(Context context, TextView passwordView) { + return isPasswordCorrect(context, passwordView.getText().toString()); + } + private static boolean isPasswordCorrect(Context context, String password) { + SharedPreferences prefs = Util.getPreferences(context); + String correctPassword = prefs.getString(Constants.PREFERENCES_KEY_PASSWORD + Util.getActiveServer(context), null); + + return password != null && password.equals(correctPassword); + } + public static void updateSettings(final Context context, final User user) { new SilentBackgroundTask(context) { @Override diff --git a/app/src/main/res/layout/change_password.xml b/app/src/main/res/layout/change_password.xml index d8043c05..68861b0b 100644 --- a/app/src/main/res/layout/change_password.xml 
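Review bot: The current-password row is hidden whenever `isCurrentAdmin()` is true, regardless of which `user` is being edited, so an admin changing their own password on an unattended, unlocked device is never asked for the existing one. The usual safeguard is to exempt only changes to someone else's account; how `user` relates to the signed-in account is not visible in this hunk, so that comparison needs confirming against the rest of the class. `isCurrentAdmin()` is also evaluated a second time in the click handler (the hunk at -215), so the hidden field and the enforced check could disagree if the role state changes in between. Capturing it once, `final boolean requireCurrent = !isCurrentAdmin();`, and using that for both the visibility and the later check keeps them in step. The body of changePassword continues outside the hunk.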
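Review bot: The new guard returns on failure, so the `else` on the blank-password test is redundant, and it leaves `// Don't allow blank passwords` stranded between the closing brace and `else if`. A plain `if ("".equals(password)) {` under that comment reads more clearly and behaves the same. After a rejected attempt the typed value stays in `currentPasswordView` while the dialog remains open; clearing it with `currentPasswordView.setText("");` before the `return` avoids leaving the guess in the field. The onClick body continues outside the hunk.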
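Review bot: `isPasswordCorrect(Context, String)` compares the typed value with the password read from SharedPreferences for the active server, so the new current-password requirement is enforced only inside the app. Whether the server-side change-password call also demands the old password is not visible here; if it does not, this is a UI gate against casual misuse of an unlocked device rather than an authorization control, and the helper should say so. Suggested Javadoc: `/** Returns true when the typed password equals the one saved for the active server; a local UI check only, not server-side verification. */`. The check correctly fails closed when no password is stored, because `equals(null)` is false, and that is worth a one-line comment as well. A blank line between the two overloads would match the rest of the class.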
+++ b/app/src/main/res/layout/change_password.xml @@ -4,7 +4,30 @@ android:layout_width="match_parent" android:layout_height="match_parent"> - + + + + + + diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 6eac3c83..b4d6f41b 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -524,6 +524,7 @@ Change Password Successfully changed password for %1$s Failed to change password for %1$s + Current Password: New Password: Enter a valid password Delete User -- cgit v1.2.3