diff --git a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
index 9bc32b7..c37b511 100644
--- a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
+++ b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
@@ -49,17 +49,22 @@ public static function valueCallback(&$element, $input, FormStateInterface $form
public static function processPasswordConfirm(&$element, FormStateInterface $form_state, &$complete_form) {
$element['pass1'] = array(
'#type' => 'password',
- '#title' => t('Password'),
+ '#title' => !empty($element['#title1']) ? $element['#title1'] : t('New password'),
'#value' => empty($element['#value']) ? NULL : $element['#value']['pass1'],
'#required' => $element['#required'],
'#attributes' => array('class' => array('password-field')),
);
$element['pass2'] = array(
'#type' => 'password',
- '#title' => t('Confirm password'),
+ '#title' => !empty($element['#title2']) ? $element['#title2'] : t('Confirm password'),
'#value' => empty($element['#value']) ? NULL : $element['#value']['pass2'],
'#required' => $element['#required'],
'#attributes' => array('class' => array('password-confirm')),
+ '#states' => array(
+ 'visible' => array(
+ ':input[name="pass[pass1]"]' => array('filled' => TRUE),
+ ),
+ ),
);
$element['#element_validate'] = array(array(get_called_class(), 'validatePasswordConfirm'));
$element['#tree'] = TRUE;
diff --git a/core/modules/user/src/AccountForm.php b/core/modules/user/src/AccountForm.php
index 033731f..cff95cf 100644
--- a/core/modules/user/src/AccountForm.php
+++ b/core/modules/user/src/AccountForm.php
@@ -119,8 +119,10 @@ public function form(array $form, FormStateInterface $form_state) {
if (!$register) {
$form['account']['pass'] = array(
'#type' => 'password_confirm',
+ '#prefix' => '
' . $this->t('Change password') . '
',
+ '#title2' => $this->t('Confirm new password'),
'#size' => 25,
- '#description' => $this->t('To change the current user password, enter the new password in both fields.'),
+ '#description' => $this->t('To change the current user password, enter the new password.'),
);
// To skip the current password field, the user must have logged in via a
@@ -138,11 +140,11 @@ public function form(array $form, FormStateInterface $form_state) {
// password if they logged in via a one-time login link.
if (!$form_state->get('user_pass_reset')) {
$protected_values['mail'] = $form['account']['mail']['#title'];
- $protected_values['pass'] = $this->t('Password');
+ $protected_values['pass'] = $this->t('New password');
$request_new = $this->l($this->t('Reset your password'), new Url('user.pass',
array(), array('attributes' => array('title' => $this->t('Send password reset instructions via e-mail.'))))
);
- $current_pass_description = $this->t('Required if you want to change the %mail or %pass below. !request_new.',
+ $current_pass_description = $this->t('Confirm your current password to change the %mail or %pass above. !request_new.',
array(
'%mail' => $protected_values['mail'],
'%pass' => $protected_values['pass'],
@@ -164,11 +166,17 @@ public function form(array $form, FormStateInterface $form_state) {
'#size' => 25,
'#access' => !empty($protected_values),
'#description' => $current_pass_description,
- '#weight' => -5,
// Do not let web browsers remember this password, since we are
// trying to confirm that the person submitting the form actually
// knows the current one.
'#attributes' => array('autocomplete' => 'off'),
+ '#states' => array(
+ // Only show this field when mail or new password has changed.
+ 'visible' => array(
+ array(':input[name="mail"]' => array('!value' => $account->getEmail())),
+ array(':input[name="pass[pass1]"]' => array('filled' => TRUE)),
+ ),
+ ),
);
$form_state->set('user', $account);
diff --git a/core/modules/user/src/Tests/UserEditTest.php b/core/modules/user/src/Tests/UserEditTest.php
index 38acdb8..a9176df 100644
--- a/core/modules/user/src/Tests/UserEditTest.php
+++ b/core/modules/user/src/Tests/UserEditTest.php
@@ -86,7 +86,7 @@ function testUserEdit() {
$edit = array();
$edit['mail'] = $this->randomMachineName() . '@new.example.com';
$this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save'));
- $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('Email address'))));
+ $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the \"%name\" field.", array('%name' => 'Email address')));
$edit['current_pass'] = $user1->pass_raw;
$this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save'));
@@ -97,7 +97,7 @@ function testUserEdit() {
$edit['pass[pass1]'] = $new_pass = $this->randomMachineName();
$edit['pass[pass2]'] = $new_pass;
$this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save'));
- $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => t('Password'))));
+ $this->assertRaw(t("Your current password is missing or incorrect; it's required to change the \"%name\" field.", array('%name' => 'New password')));
// Try again with the current password.
$edit['current_pass'] = $user1->pass_raw;
diff --git a/core/modules/user/src/Tests/UserPasswordResetTest.php b/core/modules/user/src/Tests/UserPasswordResetTest.php
index 3d89581..9a69f9f 100644
--- a/core/modules/user/src/Tests/UserPasswordResetTest.php
+++ b/core/modules/user/src/Tests/UserPasswordResetTest.php
@@ -117,7 +117,7 @@ function testUserPasswordReset() {
// Verify that the password reset session has been destroyed.
$this->drupalPostForm(NULL, $edit, t('Save'));
- $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the Password.'), 'Password needed to make profile changes.');
+ $this->assertText(t('Your current password is missing or incorrect; it\'s required to change the "New password" field.'), 'Password needed to make profile changes.');
// Log out, and try to log in again using the same one-time link.
$this->drupalLogout();
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 5d39ce3..9604d7b 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -393,6 +393,32 @@ function _user_role_permissions_update($roles) {
}
/**
+ * Determine whether the user has a given privilege.
+ *
+ * @param $string
+ * The permission, such as "administer nodes", being checked for.
+ * @param \Drupal\Core\Session\AccountInterface $account
+ * (optional) The account to check, if not given use currently logged in user.
+ *
+ * @return bool
+ * Boolean TRUE if the current user has the requested permission.
+ *
+ * @deprecated in Drupal 8.x-dev, will be removed before Drupal 8.0.
+ * Use \Drupal\Core\Session\AccountInterface::hasPermission().
+ */
+function user_access($string, AccountInterface $account = NULL) {
+ global $user;
+
+ if (!isset($account)) {
+ // In the installer request session is not set, so we have to fall back
+ // to the global $user. In all other cases the session key is preferred.
+ $account = \Drupal::currentUser() ?: $user;
+ }
+
+ return $account->hasPermission($string);
+}
+
+/**
* Checks for usernames blocked by user administration.
*
* @param $name
@@ -435,7 +461,7 @@ function user_validate_current_pass(&$form, FormStateInterface $form_state) {
if ((strlen(trim($form_state->getValue($key))) > 0) && ($form_state->getValue($key) != $current_value)) {
$current_pass_failed = $form_state->isValueEmpty('current_pass') || !\Drupal::service('password')->check($form_state->getValue('current_pass'), $account);
if ($current_pass_failed) {
- $form_state->setErrorByName('current_pass', t("Your current password is missing or incorrect; it's required to change the %name.", array('%name' => $name)));
+ $form_state->setErrorByName('current_pass', t("Your current password is missing or incorrect; it's required to change the \"%name\" field.", array('%name' => $name)));
$form_state->setErrorByName($key);
}
// We only need to check the password once.