auth::password::change (public)

 auth::password::change -user_id user_id -old_password old_password \
    -new_password new_password

Defined in packages/acs-authentication/tcl/password-procs.tcl

Change the user's password.

Switches:

-user_id

(required)

The ID of the user whose password you want to change.

-old_password

(required)

The current password of that user. This is required for security purposes.

-new_password

(required)

The desired new password of the user.

Returns:

An array list with the following entries:

• password_status: "ok", "no_account", "not_supported", "old_password_bad", "new_password_bad", "change_error", "failed_to_connect"
• password_message: A human-readable description of what went wrong.

Partial Call Graph (max 5 caller/called nodes):

Testcases:

auth_password_change, auth_email_on_password_change

Source code:

    set user [acs_user::get_user_info -user_id $user_id]
    set username     [dict get $user username]
    set authority_id [dict get $user authority_id]

    ad_try {
        array set result [auth::password::ChangePassword  -authority_id $authority_id  -username $username  -new_password $new_password  -old_password $old_password ]

        # We do this so that if there aren't even a password_status in the array, that gets caught below
        set dummy $result(password_status)
    } on error {errorMsg} {
        set result(password_status) failed_to_connect
        set result(password_message) $errorMsg
        ad_log Error "Error invoking password management driver for authority_id = $authority_id: $errorMsg"
    }

    # Check the result code and provide canned responses
    switch $result(password_status) {
        ok {
            # Invalidate existing login tokens sitting on random other browsers out there
            set connection_user_id [ad_conn user_id]

            sec_change_user_auth_token $user_id

            # Refresh the current user's cookies, so he doesn't get logged out,
            # if this user was logged in before changing password
            if { [ns_conn isconnected] && $user_id == $connection_user_id } {
                ad_user_login -account_status [ad_conn account_status] $user_id
            }
        }
        no_account - not_supported - old_password_bad - new_password_bad - change_error - failed_to_connect {
            if { ![info exists result(password_message)] || $result(password_message) eq "" } {
                array set default_message {
                    no_account {Unknown username}
                    not_supported {This operation is not supported}
                    old_password_bad {Current password incorrect}
                    new_password_bad {New password not accepted}
                    change_error {Error changing password}
                    failed_to_connect {Error communicating with authentication server}
                }
                set result(password_message) $default_message($result(password_status))
            }
        }
        default {
            set result(password_status) "failed_to_connect"
            set result(password_message) "Illegal code returned from password management driver"
            ad_log Error "Error invoking password management driver for authority_id = $authority_id: Illegal return code from driver: $result(password_status)"
        }
    }

    return [array get result]

XQL Not present:

Generic, PostgreSQL, Oracle