TheCoreDev/sterivein
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix issue #511

Browse Source 
When the user is registred in the session, the method "eraseCredentials" is cal$
( Thelia\Core\Security\SecurityContext::setCustomerUser ).
The form checks if the customer user of the session has the password given,
or, in the session, the password is null, so it doesn't work.

        modifié:         core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
This commit is contained in:
Benjamin Perche
2014-07-07 14:05:27 +02:00
parent 5412f9891d
commit 6da2e2a183
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
View File

@@ -16,6 +16,7 @@ use Symfony\Component\Validator\Constraints;
use Symfony\Component\Validator\ExecutionContextInterface; use Symfony\Component\Validator\ExecutionContextInterface;
use Thelia\Model\ConfigQuery; use Thelia\Model\ConfigQuery;
use Thelia\Core\Translation\Translator; use Thelia\Core\Translation\Translator;
use Thelia\Model\CustomerQuery;
/** /**
* Class CustomerPasswordUpdateForm * Class CustomerPasswordUpdateForm
@@ -69,8 +70,14 @@ class CustomerPasswordUpdateForm extends BaseForm
public function verifyCurrentPasswordField($value, ExecutionContextInterface $context) public function verifyCurrentPasswordField($value, ExecutionContextInterface $context)
{ {
/**
* Retrieve the user recording, because after the login action, the password is deleted in the session
*/
$userId = $this->getRequest()->getSession()->getCustomerUser()->getId();
$user = CustomerQuery::create()->findPk($userId);
// Check if value of the old password match the password of the current user // Check if value of the old password match the password of the current user
if (!password_verify($value, $this->getRequest()->getSession()->getCustomerUser()->getPassword())) { if (!password_verify($value, $user->getPassword())) {
$context->addViolation(Translator::getInstance()->trans("Your current password does not match.")); $context->addViolation(Translator::getInstance()->trans("Your current password does not match."));
} }
} }