Merge branch 'master' into stable

app/controllers/api/env_settings_controller.rb

@@ -15,7 +15,8 @@ def index
                                 givenname: current_user.givenname,
                                 last_login_at: current_user.last_login_at,
                                 last_login_from: current_user.last_login_from,
-                                preferred_locale: current_user.preferred_locale },
+                                preferred_locale: current_user.preferred_locale,
+                                auth: current_user.auth },
                 last_login_message: last_login_message,
                 geo_ip: GeoIp.activated?,
                 version: version_number,

app/controllers/api/profile/password_controller.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class Api::Profile::PasswordController < ApiController
+  self.permitted_attrs = [:old_password, :new_password1, :new_password2]
+
+  def update
+    authorize current_user, :update_password?
+    if password_params_valid?
+      current_user.update_password(old_password,
+                                   new_password)
+      add_info('flashes.profile.changePassword.success')
+      ok_status = 200
+    end
+    render_json(nil, ok_status || 400)
+  end
+
+  def password_params_valid?
+    unless current_user.authenticate_db(old_password)
+      add_error('helpers.label.user.wrongPassword')
+      return false
+    end
+
+    unless new_passwords_match?
+      add_error('flashes.profile.changePassword.new_passwords_not_equal')
+      return false
+    end
+    true
+  end
+
+  private
+
+  def old_password
+    model_params[:old_password]
+  end
+
+  def new_password
+    model_params[:new_password1] if new_passwords_match?
+  end
+
+  def new_passwords_match?
+    model_params[:new_password1] == model_params[:new_password2]
+  end
+end

app/controllers/api_controller.rb

@@ -25,8 +25,8 @@ class ApiController < CrudController
 
   protected
 
-  def render_json(data = nil)
-    render status: response_status, json: data || messages, include: '*'
+  def render_json(data = nil, status = nil)
+    render status: status || response_status, json: data || messages, include: '*'
   end
 
   def team

app/controllers/session_controller.rb

@@ -52,21 +52,6 @@ def destroy_redirect_path
     end
   end
 
-  def show_update_password
-    render :show_update_password
-  end
-
-  def update_password
-    if password_params_valid?
-      current_user.update_password(params[:old_password],
-                                   params[:new_password1])
-      flash[:notice] = t('flashes.session.new_password_set')
-      redirect_to root_path
-    else
-      render :show_update_password
-    end
-  end
-
   private
 
   def assert_logged_in
@@ -116,21 +101,6 @@ def set_session_attributes(user, pk_secret)
     session[:last_login_from] = user.last_login_from
   end
 
-  def password_params_valid?
-    return if current_user.is_a?(User::Api)
-
-    unless current_user.authenticate_db(params[:old_password])
-      flash[:error] = t('flashes.session.wrong_password')
-      return false
-    end
-
-    if params[:new_password1] != params[:new_password2]
-      flash[:error] = t('flashes.session.new_passwords_not_equal')
-      return false
-    end
-    true
-  end
-
   def authorize_action
     authorize :session
   end

app/policies/session_policy.rb

@@ -25,16 +25,4 @@ def create?
   def destroy?
     user.present?
   end
-
-  def show_update_password?
-    user.present? && user.auth_db?
-  end
-
-  def update_password?
-    user.present? && user.auth_db?
-  end
-
-  def changelocale?
-    user.present?
-  end
 end

app/policies/user/api_policy.rb

@@ -34,6 +34,10 @@ def unlock?
     own_api_user?
   end
 
+  def update_password?
+    false
+  end
+
   private
 
   def own_api_user?

app/policies/user/human_policy.rb

@@ -69,6 +69,10 @@ def resetpassword?
     end
   end
 
+  def update_password?
+    user.auth_db?
+  end
+
   private
 
   def current_user

app/presenters/filtered_list.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 class FilteredList
+  include ParamConverters
 
   def initialize(current_user, params)
     @current_user = current_user

app/presenters/teams/filtered_list.rb

@@ -4,12 +4,14 @@ module ::Teams
   class FilteredList < ::FilteredList
 
     def fetch_entries
-      return filter_by_query if query_present?
-      return filter_by_id if team_id.present?
-      return filter_by_favourite if favourite.present?
-      return filter_by_last_teammember if only_teammember_user.present?
+      filtered_teams = teams
 
-      teams
+      filtered_teams = filter_by_favourite if favourite.present? && true?(favourite)
+      filtered_teams = filter_by_query(filtered_teams) if query_present?
+      filtered_teams = filter_by_id if team_id.present?
+      filtered_teams = filter_by_last_teammember if only_teammember_user.present?
+
+      filtered_teams
     end
 
     private
@@ -44,7 +46,7 @@ def limit
       @params[:limit]
     end
 
-    def filter_by_query
+    def filter_by_query(teams)
       teams.includes(:folders, folders: [:accounts]).where(
         'lower(accounts.description) LIKE :query
         OR lower(accounts.accountname) LIKE :query

config/routes/api.rb

@@ -5,7 +5,11 @@
 
     get 'env_settings', to: 'env_settings#index'
 
-    resource :profile, only: [:update]
+    resource :profile, only: [:update] do
+      collection do
+        patch :password, to: 'profile/password#update'
+      end
+    end
 
     resources :accounts, except: [:new, :edit] do
       resources :file_entries, only: [:create, :index, :destroy, :show]

frontend/app/components/profile/password-update.js

@@ -0,0 +1,95 @@
+import Component from "@glimmer/component";
+import { tracked } from "@glimmer/tracking";
+import { action } from "@ember/object";
+import UserHumanPasswordEditValidations from "../../validations/user-human/passwordEdit";
+import lookupValidator from "ember-changeset-validations";
+import Changeset from "ember-changeset";
+import { inject as service } from "@ember/service";
+import ENV from "../../config/environment";
+
+export default class ProfilePasswordUpdateComponent extends Component {
+  @service fetchService;
+  @service notify;
+  @service intl;
+
+  @tracked isEditing = false;
+
+  UserHumanPasswordEditValidations = UserHumanPasswordEditValidations;
+
+  @tracked
+  oldPasswordIncorrectError = "";
+
+  showSuccessMessage() {
+    let translationKeyPrefix = this.intl.locale[0].replace("-", "_");
+    let successMsg = `${translationKeyPrefix}.flashes.profile.changePassword.success`;
+    let msg = this.intl.t(successMsg);
+    this.notify.success(msg);
+  }
+
+  constructor() {
+    super(...arguments);
+
+    let passwordChangeset = {
+      oldPassword: "",
+      newPassword1: "",
+      newPassword2: ""
+    };
+
+    this.changeset = new Changeset(
+      passwordChangeset,
+      lookupValidator(UserHumanPasswordEditValidations),
+      UserHumanPasswordEditValidations
+    );
+  }
+
+  @action
+  toggleEditing() {
+    this.isEditing = !this.isEditing;
+  }
+
+  @action
+  resetOldPasswordError() {
+    this.oldPasswordIncorrectError = "";
+  }
+
+  @action
+  async submit() {
+    await this.changeset.validate();
+    if (!this.changeset.isValid) return;
+
+    const requestBody = {
+      data: {
+        attributes: {
+          old_password: this.changeset.oldPassword,
+          new_password1: this.changeset.newPassword1,
+          new_password2: this.changeset.newPassword2
+        }
+      }
+    };
+
+    this.fetchService
+      .send("/api/profile/password", {
+        method: "PATCH",
+        headers: {
+          Accept: "application/vnd.api+json",
+          "Content-Type": "application/json",
+          "X-CSRF-Token": ENV.CSRFToken
+        },
+        body: JSON.stringify(requestBody)
+      })
+      .then((response) => {
+        if (response.ok) {
+          this.showSuccessMessage();
+          this.toggleEditing();
+        } else {
+          response.json().then((json) => {
+            this.oldPasswordIncorrectError = json.errors[0];
+          });
+        }
+      });
+  }
+
+  get isUserAllowedToChangePassword() {
+    return ENV.currentUserAuth === "db";
+  }
+}

frontend/app/initializers/env-settings.js

@@ -13,6 +13,7 @@ export function initialize(/* application */) {
         ENV.currentUserGivenname = envSettings.current_user.givenname;
         ENV.currentUserLastLoginAt = envSettings.current_user.last_login_at;
         ENV.currentUserLastLoginFrom = envSettings.current_user.last_login_from;
+        ENV.currentUserAuth = envSettings.current_user.auth;
         ENV.preferredLocale = envSettings.current_user.preferred_locale;
         ENV.lastLoginMessage = envSettings.last_login_message;
         ENV.geoIP = envSettings.geo_ip;

frontend/app/routes/teams/index.js

@@ -25,6 +25,7 @@ export default class TeamsIndexRoute extends BaseRoute {
 
   model(params) {
     params["limit"] = 10;
+    params["favourite"] = this.navService.isShowingFavourites;
     return this.store.query("team", params);
   }
 }

frontend/app/services/nav-service.js

@@ -21,7 +21,11 @@ export default class NavService extends Service {
   }
 
   get showSideNavBar() {
-    const sideNavBarDisabledRoutes = ["admin.settings", "admin.users"];
+    const sideNavBarDisabledRoutes = [
+      "admin.settings",
+      "admin.users",
+      "profile"
+    ];
     return !sideNavBarDisabledRoutes.includes(this.router.currentRouteName);
   }
 

frontend/app/templates/admin.hbs

@@ -1,8 +1,4 @@
 <div class="pt-3 mb-3">
-  <LinkTo @route="index">
-    <span class="btn btn-secondary admin-back-button" role="button">
-      <img class="icon-button account-show-back" src="/assets/images/arrow-left.svg" alt="back">
-    </span>
-  </LinkTo>
+  <IndexButton></IndexButton>
   {{outlet}}
 </div>

frontend/app/templates/components/account/show.hbs

@@ -4,7 +4,7 @@
 {{#if this.isFileEntryCreating}}
   <FileEntry::Form @class="modal_file_entry" @account={{@account}} @title={{t "file_entries.new.title"}} @onAbort={{this.toggleFileEntryNew}}/>
 {{/if}}
-<div class="container px-5 pt-4 h-100 bg-white pl-none account-container-smartphone">
+<div class="container px-5 pt-4 h-100 bg-white pl-none account-container-smartphone mb-15">
   <div class="row mb-3">
     <div class="col">
       <a id="account-show-back" role="button" {{on "click" this.transitionBack}}>
@@ -25,20 +25,20 @@
     {{/unless}}
   </div>
   <div class="row pb-3 justify-content-between">
-    <div class="col-lg-7 accountname">
+    <div class="col-lg-9 accountname">
       <h2 class="d-inline">{{t "accounts.show.account"}}: {{@account.accountname}}</h2>
     </div>
-    <div class="col-sm-5 accountname">
-      <p class="d-inline">{{t "accounts.show.created_at"}}: {{moment-format @account.createdAt "DD.MM.YYYY hh:mm"}}</p>
-      <br>
+    <div class="col-lg-9 accountname text-muted">
+      <br><p class="d-inline">{{t "accounts.show.created_at"}}: {{moment-format @account.createdAt "DD.MM.YYYY hh:mm"}}</p>
+       / 
       <p class="d-inline">{{t "accounts.show.last_update"}}: {{moment-format @account.updatedAt "DD.MM.YYYY hh:mm"}}</p>
     </div>
   </div>
 
   {{#if @account.description}}
     <div class="row pb-3">
       <div class="col">
-        <p class="text-muted description">{{@account.description}}</p>
+        <br><p class="text-muted description">{{@account.description}}</p>
       </div>
     </div>
   {{/if}}

frontend/app/templates/components/index-button.hbs

@@ -0,0 +1,5 @@
+<LinkTo @route="index">
+  <span class="btn btn-secondary admin-back-button" role="button">
+    <img class="icon-button account-show-back" src="/assets/images/arrow-left.svg" alt="back">
+  </span>
+</LinkTo>

frontend/app/templates/components/nav-bar.hbs

@@ -20,7 +20,7 @@
     <div class="search-field">
       <Input @class="search" @type="search"
              @value={{ this.navService.searchQuery }}
-             placeholder={{t "search.index.type_to_search"}} @keyUp={{this.searchByQuery}}
+             placeholder={{t (concat "search.index.type_to_search." (if this.navService.isShowingFavourites "favourites" "all"))}} @keyUp={{this.searchByQuery}}
              @autofocus={{this.isStartpage}} maxlength="70"/>
       <button>
         <pzsh-icon name="search"></pzsh-icon>