From bd227b356280f54f48bc01901275833a51f87fd7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 16 Sep 2011 15:08:17 -0400
Subject: Require current password when using passwd to change your own
 password.

Add a new required parameter, current_password. In order to ask this
first I added a new parameter option, sortorder. The lower the value the
earlier it will be prompted for.

I also changed the way autofill works. It will attempt to get the default
and if it doesn't get anything will continue prompting interactively.

Since current_password is required I'm passing a magic value that
means changing someone else's password. We need to pass something
since current_password is required.

The python-ldap passwd command doesn't seem to use the old password at
all so I do a simple bind to validate it.

https://fedorahosted.org/freeipa/ticket/1808
---
 API.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'API.txt')

diff --git a/API.txt b/API.txt
index ac6560b0b..10b3f86a8 100644
--- a/API.txt
+++ b/API.txt
@@ -1829,9 +1829,10 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
 output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
 output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
 command: passwd
-args: 2,0,3
+args: 3,0,3
 arg: Str('principal', validate_principal, autofill=True, cli_name='user', create_default=<lambda>, label=Gettext('User name', domain='ipa', localedir=None), normalizer=<lambda>, primary_key=True)
-arg: Password('password', label=Gettext('Password', domain='ipa', localedir=None))
+arg: Password('password', label=Gettext('New Password', domain='ipa', localedir=None))
+arg: Password('current_password', autofill=True, confirm=False, default_from=<lambda>, label=Gettext('Current Password', domain='ipa', localedir=None), sortorder=-1)
 output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly description of action performed')
 output: Output('result', <type 'bool'>, 'True means the operation was successful')
 output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
-- 
cgit