diff --git a/core/client/tpl/settings/user-profile.hbs b/core/client/tpl/settings/user-profile.hbs
index 9a0821ec33..3347106837 100644
--- a/core/client/tpl/settings/user-profile.hbs
+++ b/core/client/tpl/settings/user-profile.hbs
@@ -69,8 +69,9 @@
+
-
\ No newline at end of file
+
diff --git a/core/client/views/settings.js b/core/client/views/settings.js
index 33e68288bc..789012de2f 100644
--- a/core/client/views/settings.js
+++ b/core/client/views/settings.js
@@ -176,7 +176,8 @@
},
events: {
- 'click .button-save': 'saveUser'
+ 'click .button-save': 'saveUser',
+ 'click .button-change-password': 'changePassword'
},
saveUser: function () {
@@ -194,6 +195,55 @@
});
},
+ changePassword: function (event) {
+ event.preventDefault();
+
+ var self = this,
+ email = this.$('#user-email').val(),
+ oldPassword = this.$('#user-password-old').val(),
+ newPassword = this.$('#user-password-new').val(),
+ ne2Password = this.$('#user-new-password-verification').val();
+
+ if (newPassword !== ne2Password || newPassword.length < 6 || oldPassword.length < 6) {
+ this.saveError();
+ return;
+ }
+
+ $.ajax({
+ url: '/ghost/changepw/',
+ type: 'POST',
+ data: {
+ email: email,
+ password: oldPassword,
+ newpassword: newPassword,
+ ne2password: ne2Password
+ },
+ success: function (msg) {
+
+ self.addSubview(new Ghost.Views.NotificationCollection({
+ model: [{
+ type: 'success',
+ message: msg.msg,
+ status: 'passive',
+ id: 'success-98'
+ }]
+ }));
+ self.$('#user-password-old').val('');
+ self.$('#user-password-new').val('');
+ self.$('#user-new-password-verification').val('');
+ },
+ error: function (obj, string, status) {
+ self.addSubview(new Ghost.Views.NotificationCollection({
+ model: [{
+ type: 'error',
+ message: 'Invalid username or password',
+ status: 'passive'
+ }]
+ }));
+ }
+ });
+ },
+
templateName: 'settings/user-profile',
beforeRender: function () {
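Review bot: The `error` callback on L62 declares `obj, string, status` but uses none of them, and the validation failure on L34-L36 only calls `this.saveError()`, so a user whose new passwords differ or are shorter than 6 characters gets no indication of which check failed; the guard could raise a notification naming the cause, and the signature can shrink to `error: function () {`. The hard-coded notification id `'success-98'` on L55 is a magic value; a comment on why it is fixed (or a named constant) would help. The `$.ajax` target `/ghost/changepw/` is the route added in index.js in this same commit, so the two strings must stay in sync. The view object containing `changePassword` starts and ends outside the hunk.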
diff --git a/core/server/api.js b/core/server/api.js
index 0c00782c23..a1e4387575 100644
--- a/core/server/api.js
+++ b/core/server/api.js
@@ -65,6 +65,9 @@ users = {
},
check: function check(postData) {
return dataProvider.User.check(postData);
+ },
+ changePassword: function changePassword(postData) {
+ return dataProvider.User.changePassword(postData);
}
};
diff --git a/core/server/controllers/admin.js b/core/server/controllers/admin.js
index 904541ce69..ff48e8d6f3 100644
--- a/core/server/controllers/admin.js
+++ b/core/server/controllers/admin.js
@@ -69,6 +69,19 @@ adminControllers = {
res.send(401);
});
},
+ changepw: function (req, res) {
+ api.users.changePassword({
+ email: req.body.email,
+ oldpw: req.body.password,
+ newpw: req.body.newpassword,
+ ne2pw: req.body.ne2password
+ }).then(function (user) {
+ res.json(200, {msg: 'Password changed successfully'});
+ }, function (error) {
+ res.send(401);
+ });
+
+ },
'signup': function (req, res) {
res.render('signup', {
bodyClass: 'ghost-login',
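Review bot: The account whose password is changed is selected by `req.body.email` (L99) rather than by the session the `auth` middleware on the new `/ghost/changepw/` route in index.js already established, so a credential operation trusts a client-supplied identity; the email should be taken from the authenticated user (what `auth` attaches to `req` is outside this hunk — confirm) and `req.body.email` ignored. Every rejection, including a new-password mismatch from the model, is answered with `res.send(401)` on L106, which conflates a validation problem with an authentication failure; returning 400 for validation errors and 401 only when the current password does not verify would be clearer to the client. The `user` parameter on L103 is unused and the blank line on L108 can go. adminControllers continues outside the hunk.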
diff --git a/core/server/models/user.js b/core/server/models/user.js
index 3a1cb4b57b..d387c4501f 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -124,6 +124,37 @@ User = GhostBookshelf.Model.extend({
}, errors.logAndThrowError);
},
+ /**
+ * Naive change password method
+ * @param {object} _userdata email, old pw, new pw, new pw2
+ *
+ */
+ changePassword: function (_userdata) {
+ var email = _userdata.email,
+ oldPassword = _userdata.oldpw,
+ newPassword = _userdata.newpw,
+ ne2Password = _userdata.ne2pw;
+
+ if (newPassword !== ne2Password) {
+ return when.reject(new Error('Passwords aren\'t the same'));
+ }
+
+ return this.forge({
+ email_address: email
+ }).fetch({require: true}).then(function (user) {
+ return nodefn.call(bcrypt.compare, oldPassword, user.get('password'))
+ .then(function (matched) {
+ if (!matched) {
+ return when.reject(new Error('Passwords do not match'));
+ }
+ return nodefn.call(bcrypt.hash, newPassword, null, null).then(function (hash) {
+ user.save({password: hash});
+ return user;
+ });
+ });
+ });
+ },
+
effectivePermissions: function (id) {
return this.read({id: id}, { withRelated: ['permissions', 'roles.permissions'] })
.then(function (foundUser) {
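Review bot: `user.save({password: hash})` on L144 is not returned, so the chain resolves with `user` before the write has completed and a failed save is never propagated to the caller (the controller reports success regardless); change it to `return user.save({password: hash}).then(function () { return user; });`. The only server-side validation is the equality check on L131, so an empty or absent new password (both fields undefined) passes it and reaches `bcrypt.hash`; the client's minimum of 6 characters should be enforced here as well, e.g. `if (!newPassword || newPassword.length < 6) { return when.reject(new Error('Password must be at least 6 characters')); }`. The error strings on L132 and L141 read almost identically but mean different things (new-password confirmation mismatch vs. wrong current password); naming the case, such as `'New passwords do not match'` and `'Current password is incorrect'`, would help when debugging. User continues outside the hunk.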
@@ -162,4 +193,4 @@ Users = GhostBookshelf.Collection.extend({
module.exports = {
User: User,
Users: Users
-};
\ No newline at end of file
+};
diff --git a/index.js b/index.js
index 418c8c4e22..c0b124fff9 100644
--- a/index.js
+++ b/index.js
@@ -177,6 +177,7 @@ when.all([ghost.init(), filters.loadCoreFilters(ghost), helpers.loadCoreHelpers(
ghost.app().get('/ghost/signup/', admin.signup);
ghost.app().post('/ghost/login/', admin.auth);
ghost.app().post('/ghost/signup/', admin.doRegister);
+ ghost.app().post('/ghost/changepw/', auth, admin.changepw);
ghost.app().get('/ghost/editor/:id', auth, admin.editor);
ghost.app().get('/ghost/editor', auth, admin.editor);
ghost.app().get('/ghost/content', auth, admin.content);