Allow users to change their password if backend is db

refs #10616

application/controllers/AccountController.php

@@ -4,7 +4,10 @@
 namespace Icinga\Controllers;
 
 use Icinga\Application\Config;
+use Icinga\Authentication\User\UserBackend;
 use Icinga\Data\ConfigObject;
+use Icinga\Exception\ConfigurationError;
+use Icinga\Forms\Account\ChangePasswordForm;
 use Icinga\Forms\PreferenceForm;
 use Icinga\User\Preferences\PreferencesStore;
 use Icinga\Web\Controller;
@@ -39,6 +42,20 @@ class AccountController extends Controller
     {
         $config = Config::app()->getSection('global');
         $user = $this->Auth()->getUser();
+        if ($user->getAdditional('backend_type') === 'db') {
+            try {
+                $userBackend = UserBackend::create($user->getAdditional('backend_name'));
+            } catch (ConfigurationError $e) {
+                $userBackend = null;
+            }
+            if ($userBackend !== null) {
+                $changePasswordForm = new ChangePasswordForm();
+                $changePasswordForm
+                    ->setBackend($userBackend)
+                    ->handleRequest();
+                $this->view->changePasswordForm = $changePasswordForm;
+            }
+        }
 
         $form = new PreferenceForm();
         $form->setPreferences($user->getPreferences());

application/forms/Account/ChangePasswordForm.php

@@ -0,0 +1,123 @@
+<?php
+/* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */
+
+namespace Icinga\Forms\Account;
+
+use Icinga\Authentication\User\DbUserBackend;
+use Icinga\Data\Filter\Filter;
+use Icinga\User;
+use Icinga\Web\Form;
+use Icinga\Web\Notification;
+
+/**
+ * Form for changing user passwords
+ */
+class ChangePasswordForm extends Form
+{
+    /**
+     * The user backend
+     *
+     * @var DbUserBackend
+     */
+    protected $backend;
+
+    /**
+     * {@inheritdoc}
+     */
+    public function init()
+    {
+        $this->setSubmitLabel($this->translate('Update Account'));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function createElements(array $formData)
+    {
+        $this->addElement(
+            'password',
+            'old_password',
+            array(
+                'label'         => $this->translate('Old Password'),
+                'required'      => true
+            )
+        );
+        $this->addElement(
+            'password',
+            'new_password',
+            array(
+                'label'         => $this->translate('New Password'),
+                'required'      => true
+            )
+        );
+        $this->addElement(
+            'password',
+            'new_password_confirmation',
+            array(
+                'label'         => $this->translate('Confirm New Password'),
+                'required'      => true,
+                'validators'        => array(
+                    array('identical', false, array('new_password'))
+                )
+            )
+        );
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function onSuccess()
+    {
+        $backend = $this->getBackend();
+        $backend->update(
+            $backend->getBaseTable(),
+            array('password' => $this->getElement('new_password')->getValue()),
+            Filter::where('user_name', $this->Auth()->getUser()->getUsername())
+        );
+        Notification::success($this->translate('Account updated'));
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isValid($formData)
+    {
+        $valid = parent::isValid($formData);
+        if (! $valid) {
+            return false;
+        }
+
+        $oldPasswordEl = $this->getElement('old_password');
+
+        if (! $this->backend->authenticate($this->Auth()->getUser(), $oldPasswordEl->getValue())) {
+            $oldPasswordEl->addError($this->translate('Old password is invalid'));
+            $this->markAsError();
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Get the user backend
+     *
+     * @return  DbUserBackend
+     */
+    public function getBackend()
+    {
+        return $this->backend;
+    }
+
+    /**
+     * Set the user backend
+     *
+     * @param   DbUserBackend $backend
+     *
+     * @return  $this
+     */
+    public function setBackend(DbUserBackend $backend)
+    {
+        $this->backend = $backend;
+        return $this;
+    }
+}

application/views/scripts/account/index.phtml

@@ -1,6 +1,11 @@
 <div class="controls">
-    <?= $tabs; ?>
+    <?= $tabs ?>
 </div>
 <div class="content">
-    <?= $form; ?>
+<?php if (isset($changePasswordForm)): ?>
-</div>
+    <h1><?= $this->translate('Account') ?></h1>
+    <?= $changePasswordForm ?>
+<?php endif ?>
+    <h1><?= $this->translate('Preferences') ?></h1>
+    <?= $form ?>
+</div>

library/Icinga/Authentication/AuthChain.php

@@ -118,6 +118,8 @@ class AuthChain implements Authenticatable, Iterator
                 continue;
             }
             if ($authenticated) {
+                $user->setAdditional('backend_name', $backend->getName());
+                $user->setAdditional('backend_type', $this->config->current()->get('backend'));
                 return true;
             }
         }