non-admins must supply existing passwd when changing passwd (#10249)

2025-08-08 07:15:23 +02:00 · 2023-09-06 08:26:32 +12:00 · 2023-09-06 08:26:32 +12:00 · e5f7641e46
commit e5f7641e46
parent 515b02813b
5 changed files with 24 additions and 9 deletions
--- a/app/portainer/services/api/userService.js
+++ b/app/portainer/services/api/userService.js
@ -54,8 +54,8 @@ export function UserService($q, Users, TeamService, TeamMembershipService) {
    return Users.remove({ id: id }).$promise;
  };

-  service.updateUser = function (id, { password, role, username }) {
-    return Users.update({ id }, { password, role, username }).$promise;
+  service.updateUser = function (id, { newPassword, role, username }) {
+    return Users.update({ id }, { newPassword, role, username }).$promise;
  };

  service.updateUserPassword = function (id, currentPassword, newPassword) {
--- a/app/portainer/views/users/edit/userController.js
+++ b/app/portainer/views/users/edit/userController.js
@ -72,7 +72,7 @@ angular.module('portainer.app').controller('UserController', [
      if (!confirmed) {
        return;
      }
-      UserService.updateUser($scope.user.Id, { password: $scope.formValues.newPassword })
+      UserService.updateUser($scope.user.Id, { newPassword: $scope.formValues.newPassword })
        .then(function success() {
          Notifications.success('Success', 'Password successfully updated');