From 7f53998bd3726c808abf8b0c4950e25db29d9ea2 Mon Sep 17 00:00:00 2001
From: P Dheeraj Srujan Kumar
Date: Sat, 8 Jul 2023 03:35:27 +0530
Subject: Update to internal 1-1.11-1
Signed-off-by: P Dheeraj Srujan Kumar
---
...-password-input-in-change-password-screen.patch | 135 +++++++++++++++++++++
.../recipes-phosphor/webui/webui-vue_%.bbappend | 1 +
2 files changed, 136 insertions(+)
create mode 100644 meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch
(limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/webui')
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch
new file mode 100644
index 000000000..313ba9387
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue/0001-Old-password-input-in-change-password-screen.patch
@@ -0,0 +1,135 @@
+From 9da7bafdcee1bd022b7e47eecf704eb799b389e8 Mon Sep 17 00:00:00 2001
+From: Yaswanth Reddy M
+Date: Wed, 17 May 2023 10:47:56 +0000
+Subject: [PATCH] Old password input in change password screen
+
+When the user changed their password in profile settings, to prevent
+XSS attacks, I added the current password input field to authenticate
+the user.
+
+Once the authentication had success with the current password, then
+allowing the update was possible. After the password is changed
+successfully, all the sessions of the user who changed the password
+will be disconnected, including the current session. and the current
+session will navigate to the login page.
+
+Signed-off-by: Yaswanth Reddy M
+---
+ src/locales/en-US.json | 4 +-
+ src/views/ProfileSettings/ProfileSettings.vue | 54 +++++++++++++++++--
+ 2 files changed, 53 insertions(+), 5 deletions(-)
+
+diff --git a/src/locales/en-US.json b/src/locales/en-US.json
+index 637f052..8d98abb 100644
+--- a/src/locales/en-US.json
++++ b/src/locales/en-US.json
+@@ -617,6 +617,7 @@
+ "confirmPassword": "Confirm new password",
+ "defaultUTC": "Default (UTC)",
+ "newPassword": "New password",
++ "currentPassword": "Current password",
+ "newPassLabelTextInfo": "Password must be between %{min} - %{max} characters",
+ "passwordsDoNotMatch": "Passwords do not match",
+ "profileInfoTitle": "Profile information",
+@@ -625,7 +626,8 @@
+ "timezoneDisplayDesc": "Select how time is displayed throughout the application",
+ "username": "Username",
+ "toast": {
+- "successSaveSettings": "Successfully saved account settings."
++ "successSaveSettings": "Successfully saved account settings.",
++ "wrongCredentials": "Wrong credentials"
+ }
+ },
+ "pageNetwork": {
+diff --git a/src/views/ProfileSettings/ProfileSettings.vue b/src/views/ProfileSettings/ProfileSettings.vue
+index 35fc800..330fd4a 100644
+--- a/src/views/ProfileSettings/ProfileSettings.vue
++++ b/src/views/ProfileSettings/ProfileSettings.vue
+@@ -23,6 +23,21 @@
+
++
++
++
++
++
+ {
+- (this.form.newPassword = ''), (this.form.confirmPassword = '');
++ (this.form.newPassword = ''),
++ (this.form.confirmPassword = ''),
++ (this.form.currentPassword = '');
+ this.$v.$reset();
+ this.successToast(message);
++ this.$store.dispatch('authentication/logout');
+ })
+ .catch(({ message }) => this.errorToast(message));
+ },
+@@ -212,10 +231,37 @@ export default {
+ );
+ },
+ submitForm() {
+- if (this.form.confirmPassword || this.form.newPassword) {
+- this.saveNewPasswordInputData();
++ if (
++ this.form.confirmPassword &&
++ this.form.newPassword &&
++ this.form.currentPassword
++ ) {
++ this.confirmAuthenticate();
+ }
+- this.saveTimeZonePrefrenceData();
++ if (
++ this.$store.getters['global/isUtcDisplay'] != this.form.isUtcDisplay
++ ) {
++ this.saveTimeZonePrefrenceData();
++ }
++ },
++ confirmAuthenticate() {
++ this.$v.form.newPassword.$touch();
++ if (this.$v.$invalid) return;
++
++ const username = this.username;
++ const password = this.form.currentPassword;
++
++ this.$store
++ .dispatch('authentication/login', { username, password })
++ .then(() => {
++ this.saveNewPasswordInputData();
++ })
++ .catch(() => {
++ this.$v.$reset();
++ this.errorToast(
++ this.$t('pageProfileSettings.toast.wrongCredentials')
++ );
++ });
+ },
+ },
+ };
+--
+2.25.1
+
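Review bot: The current-password check added in `confirmAuthenticate()` is enforced only in the browser: it dispatches `authentication/login` and on success calls `saveNewPasswordInputData()`, whose request is outside this hunk and does not appear to carry the current password. If so, a script running in the user's session (the XSS case the description names) can still send the password update without going through this form, so the old password needs to be verified by the BMC account service as well, with the UI field as defence in depth. In `submitForm()`, the switch from `||` to `&&` means a partly filled form, such as a new password with no current password, is skipped without any validation message. Consider `if (this.form.currentPassword || this.form.newPassword || this.form.confirmPassword)` and letting validation flag the missing field. The `.catch()` in `confirmAuthenticate()` also reports every failure as `wrongCredentials`, including network or server errors, and the `!=` comparison on `isUtcDisplay` should be `!==`.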
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue_%.bbappend b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue_%.bbappend
index bdd6a3bad..412e88501 100644
--- a/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-phosphor/webui/webui-vue_%.bbappend
@@ -6,6 +6,7 @@ FILESEXTRAPATHS:append := "${THISDIR}/${PN}:"
SRC_URI += " \
file://login-company-logo.svg \
file://logo-header.svg \
+ file://0001-Old-password-input-in-change-password-screen.patch \
"
do_compile:prepend() {