diff --git a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php index 00295d5..f0ddab2 100644 --- a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php +++ b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php @@ -72,7 +72,7 @@ public static function valueCallback(&$element, $input, FormStateInterface $form public static function processPasswordConfirm(&$element, FormStateInterface $form_state, &$complete_form) { $element['pass1'] = array( '#type' => 'password', - '#title' => t('Password'), + '#title' => !empty($element['#title1']) ? $element['#title1'] : t('New password'), '#value' => empty($element['#value']) ? NULL : $element['#value']['pass1'], '#required' => $element['#required'], '#attributes' => array('class' => array('password-field', 'js-password-field')), @@ -80,11 +80,17 @@ public static function processPasswordConfirm(&$element, FormStateInterface $for ); $element['pass2'] = array( '#type' => 'password', - '#title' => t('Confirm password'), + '#title' => !empty($element['#title2']) ? $element['#title2'] : t('Confirm password'), '#value' => empty($element['#value']) ? NULL : $element['#value']['pass2'], '#required' => $element['#required'], '#attributes' => array('class' => array('password-confirm', 'js-password-confirm')), '#error_no_message' => TRUE, + '#attributes' => array('class' => array('password-confirm')), + '#states' => array( + 'visible' => array( + ':input[name="pass[pass1]"]' => array('filled' => TRUE), + ), + ), ); $element['#element_validate'] = array(array(get_called_class(), 'validatePasswordConfirm')); $element['#tree'] = TRUE; diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php index 4b10f19..7d3ddf3 100644 --- a/core/modules/user/src/AccountForm.php +++ b/core/modules/user/src/AccountForm.php @@ -121,8 +121,10 @@ public function form(array $form, FormStateInterface $form_state) { if (!$register) { $form['account']['pass'] = array( '#type' => 'password_confirm', + '#prefix' => '

' . $this->t('Change password') . '

', + '#title2' => $this->t('Confirm new password'), '#size' => 25, - '#description' => $this->t('To change the current user password, enter the new password in both fields.'), + '#description' => $this->t('To change the current user password, enter the new password.'), ); // To skip the current password field, the user must have logged in via a @@ -132,7 +134,25 @@ public function form(array $form, FormStateInterface $form_state) { $user_pass_reset = $pass_reset = isset($_SESSION['pass_reset_' . $account->id()]) && (\Drupal::request()->query->get('pass-reset-token') == $_SESSION['pass_reset_' . $account->id()]); $form_state->set('user_pass_reset', $user_pass_reset); } + $protected_values = array(); + $current_pass_description = ''; + // The user may only change their own password without their current + // password if they logged in via a one-time login link. + if (!$form_state->get('user_pass_reset')) { + $protected_values['mail'] = $form['account']['mail']['#title']; + $protected_values['pass'] = $this->t('New password'); + $request_new = $this->l($this->t('Reset your password'), new Url('user.pass', + array(), array('attributes' => array('title' => $this->t('Send password reset instructions via e-mail.')))) + ); + $current_pass_description = $this->t('Confirm your current password to change the %mail or %pass above. !request_new.', + array( + '%mail' => $protected_values['mail'], + '%pass' => $protected_values['pass'], + '!request_new' => $request_new, + ) + ); + } // The user must enter their current password to change to a new one. if ($user->id() == $account->id()) { $form['account']['current_pass'] = array( @@ -141,10 +161,19 @@ public function form(array $form, FormStateInterface $form_state) { '#size' => 25, '#access' => !$form_state->get('user_pass_reset'), '#weight' => -5, + '#access' => !empty($protected_values), + '#description' => $current_pass_description, // Do not let web browsers remember this password, since we are // trying to confirm that the person submitting the form actually // knows the current one. '#attributes' => array('autocomplete' => 'off'), + '#states' => array( + // Only show this field when mail or new password has changed. + 'visible' => array( + array(':input[name="mail"]' => array('!value' => $account->getEmail())), + array(':input[name="pass[pass1]"]' => array('filled' => TRUE)), + ), + ), ); $form_state->set('user', $account); diff --git a/core/modules/user/src/Tests/UserEditTest.php b/core/modules/user/src/Tests/UserEditTest.php index 07daeca..18cc860 100644 --- a/core/modules/user/src/Tests/UserEditTest.php +++ b/core/modules/user/src/Tests/UserEditTest.php @@ -47,7 +47,7 @@ function testUserEdit() { $edit = array(); $edit['mail'] = $this->randomMachineName() . '@new.example.com'; $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); - $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('Email')))); + $this->assertRaw(t("Your current password is missing or incorrect; it\'s required to change the %name.", array('%name' => 'Email'))); $edit['current_pass'] = $user1->pass_raw; $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); @@ -58,7 +58,7 @@ function testUserEdit() { $edit['pass[pass1]'] = $new_pass = $this->randomMachineName(); $edit['pass[pass2]'] = $new_pass; $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); - $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('Password')))); + $this->assertRaw(t("Your current password is missing or incorrect; it\'s required to change the %name.", array('%name' => 'Password'))); // Try again with the current password. $edit['current_pass'] = $user1->pass_raw; diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php index e54dc96..fe1deb5 100644 --- a/core/modules/user/src/Tests/UserPasswordResetTest.php +++ b/core/modules/user/src/Tests/UserPasswordResetTest.php @@ -125,7 +125,7 @@ function testUserPasswordReset() { // Verify that the password reset session has been destroyed. $this->drupalPostForm(NULL, $edit, t('Save')); - $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.'); + $this->assertRaw(t("Your current password is missing or incorrect; it\'s required to change the %name.", array('%name' => 'Password')), 'Password needed to make profile changes.'); // Log out, and try to log in again using the same one-time link. $this->drupalLogout();