From 6da2e2a18348843dffa3673d856549d34e859fb6 Mon Sep 17 00:00:00 2001
From: Benjamin Perche
Date: Mon, 7 Jul 2014 14:05:27 +0200
Subject: [PATCH] Fix issue #511 When the user is registred in the session, the method "eraseCredentials" is cal$ ( Thelia\Core\Security\SecurityContext::setCustomerUser ). The form checks if the customer user of the session has the password given, or, in the session, the password is null, so it doesn't work.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
modifié: core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
---
 core/lib/Thelia/Form/CustomerPasswordUpdateForm.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php b/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
index 9fece619c..1f220dd50 100644
--- a/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
+++ b/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
@@ -16,6 +16,7 @@ use Symfony\Component\Validator\Constraints;
 use Symfony\Component\Validator\ExecutionContextInterface;
 use Thelia\Model\ConfigQuery;
 use Thelia\Core\Translation\Translator;
+use Thelia\Model\CustomerQuery;
 /**
 * Class CustomerPasswordUpdateForm
@@ -69,8 +70,14 @@ class CustomerPasswordUpdateForm extends BaseForm
 public function verifyCurrentPasswordField($value, ExecutionContextInterface $context)
 {
+ /**
+ * Retrieve the user recording, because after the login action, the password is deleted in the session
+ */
+ $userId = $this->getRequest()->getSession()->getCustomerUser()->getId();
+ $user = CustomerQuery::create()->findPk($userId);
+ // Check if value of the old password match the password of the current user
- if (!password_verify($value, $this->getRequest()->getSession()->getCustomerUser()->getPassword())) {
+ if (!password_verify($value, $user->getPassword())) {
 $context->addViolation(Translator::getInstance()->trans("Your current password does not match."));
 }
 }
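Review bot: In `verifyCurrentPasswordField`, the record returned by `CustomerQuery::create()->findPk($userId)` is dereferenced without a null check. If the account was removed after login, `$user->getPassword()` ends in a fatal error instead of a validation failure; the same presumably applies if `getCustomerUser()` returns null because the session no longer holds a customer. A current-password check should fail closed and report the ordinary violation in both cases. I would write it as `$customer = $this->getRequest()->getSession()->getCustomerUser();`, `$user = $customer === null ? null : CustomerQuery::create()->findPk($customer->getId());` and `if ($user === null || !password_verify($value, $user->getPassword())) {`. The doc comment could also say that the hash is deliberately read from the database because the session copy is erased at login, so a later change does not switch back to the session object.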