[stable10] Add confirm password after new password

core/css/lostpassword/resetpassword.css

@@ -13,3 +13,11 @@
 #password {
 	width: 100% !important;
 }
+
+#retypepassword {
+	width: 100% !important;
+}
+
+#message {
+	width: 94% !important;
+}

core/js/lostpassword.js

@@ -75,8 +75,9 @@ OC.Lostpassword = {
 	},
 
 	resetPassword : function(event){
+		$('#password').parent().removeClass('shake');
 		event.preventDefault();
-		if ($('#password').val()){
+		if ($('#password').val() === $('#retypepassword').val()){
 			$.post(
 					$('#password').parents('form').attr('action'),
 					{
@@ -85,6 +86,15 @@ OC.Lostpassword = {
 					},
 					OC.Lostpassword.resetDone
 			);
+		} else {
+			//Password mismatch happened
+			$('#password').val('');
+			$('#retypepassword').val('');
+			$('#password').parent().addClass('shake');
+			$('#message').addClass('warning');
+			$('#message').text('Passwords do not match');
+			$('#message').show();
+			$('#password').focus();
 		}
 		if($('#encrypted-continue').is(':checked')) {
 			$('#reset-password #submit').hide();
@@ -140,4 +150,16 @@ OC.Lostpassword = {
 
 };
 
-$(document).ready(OC.Lostpassword.init);
+$(document).ready(function () {
+	OC.Lostpassword.init();
+	$('#password').keypress(function () {
+		/*
+		 The warning message should be shown only during password mismatch.
+		 Else it should not.
+		 */
+		if (($('#password').val().length >= 0) && ($('#retypepassword').val().length === 0)) {
+			$('#message').removeClass('warning');
+			$('#message').text('');
+		}
+	});
+});

core/templates/lostpassword/resetpassword.php

@@ -28,9 +28,13 @@
 
 <form action="<?php print_unescaped($_['link']) ?>" id="reset-password" method="post">
 	<fieldset>
-		<p>
+		<p class="groupbottom<?php if (!empty($_['invalidpassword'])) {
+	?> shake<?php
+} ?>">
 			<label for="password" class="infield"><?php p($l->t('New password')); ?></label>
 			<input type="password" name="password" id="password" value="" placeholder="<?php p($l->t('New Password')); ?>" autocomplete="off" required autofocus />
+			<input type="password" name="retypepassword" id="retypepassword" value="" placeholder="<?php p($l->t('Confirm Password')); ?>"/>
+			<span id='message'></span>
 		</p>
 		<input type="submit" id="submit" value="<?php p($l->t('Reset password')); ?>" />
 		<p class="text-center">

tests/acceptance/features/bootstrap/WebUILoginContext.php

@@ -545,16 +545,46 @@ public function theUserFollowsThePasswordResetLinkFromTheirEmailUsingInvalidToke
 	}
 
 	/**
-	 * @When the user resets/sets the password to :newPassword using the webUI
-	 * @Given the user has reset/set the password to :newPassword using the webUI
+	 * @When the user resets/sets the password to :newPassword and confirms with the same password using the webUI
+	 * @Given the user has reset/set the password to :newPassword and confirms with the same password using the webUI
 	 *
 	 * @param string $newPassword
 	 *
 	 * @return void
 	 */
-	public function theUserResetsThePasswordToUsingTheWebui($newPassword) {
+	public function theUserResetsThePasswordWithSameConfirmationToUsingTheWebui($newPassword) {
 		$newPassword = $this->featureContext->getActualPassword($newPassword);
-		$this->loginPage->resetThePassword($newPassword, $this->getSession());
+		$confirmNewPassword = $this->featureContext->getActualPassword($newPassword);
+		$this->loginPage->resetThePassword($newPassword, $confirmNewPassword, $this->getSession());
+	}
+
+	/**
+	 * @When the user resets/sets the password to :newPassword and confirms with :confirmPassword using the webUI
+	 * @Given the user has reset/set the password to :newPassword and confirms with :confirmPassword using the webUI
+	 *
+	 * @param string $newPassword
+	 * @param string $confirmNewPassword
+	 *
+	 * @return void
+	 */
+	public function theUserResetsPasswordWIthDiffConfirmUsingTheWebUI($newPassword, $confirmNewPassword) {
+		$newPassword = $this->featureContext->getActualPassword($newPassword);
+		$this->loginPage->resetThePassword($newPassword, $confirmNewPassword, $this->getSession());
+	}
+
+	/**
+	 * @Then the user should see a password mismatch message displayed on the webUI
+	 *
+	 * @param PyStringNode $string
+	 *
+	 * @return void
+	 */
+	public function theUserResetConfirmPasswordErrorMessage(PyStringNode $string) {
+		$expectedString = $string->getRaw();
+		$passwordMismatchMessage = $this->loginPage->getRestPasswordConfirmError();
+		PHPUnit_Framework_Assert::assertEquals(
+			$expectedString, $passwordMismatchMessage
+		);
 	}
 
 	/**

tests/acceptance/features/lib/LoginPage.php

@@ -38,6 +38,8 @@ class LoginPage extends OwncloudPage {
 	protected $path = '/index.php/login';
 	protected $userInputId = "user";
 	protected $passwordInputId = "password";
+	protected $confirmPasswordInputId = "retypepassword";
+	protected $passwordResetConfrimMessage = "message";
 	protected $submitLoginId = "submit";
 	protected $lostPasswordId = "lost-password";
 	protected $setPasswordErrorMessageId = "error-message";
@@ -196,16 +198,26 @@ public function getLostPasswordResetErrorMessage() {
 	/**
 	 *
 	 * @param string $newPassword
+	 * @param string $confirmNewPassword
 	 * @param Session $session
 	 *
 	 * @return void
 	 */
-	public function resetThePassword($newPassword, Session $session) {
+	public function resetThePassword($newPassword, $confirmNewPassword, Session $session) {
 		$this->fillField($this->passwordInputId, $newPassword);
+		$this->fillField($this->confirmPasswordInputId, $confirmNewPassword);
 		$this->findById($this->submitLoginId)->click();
 		$this->waitForAjaxCallsToStartAndFinish($session);
 	}
 
+	/**
+	 * @return string
+	 */
+	public function getRestPasswordConfirmError() {
+		$messageVal = $this->findById($this->passwordResetConfrimMessage)->getText();
+		return $messageVal;
+	}
+
 	/**
 	 *
 	 * @param string $legalUrlType

tests/acceptance/features/webUILogin/resetPassword.feature

@@ -30,7 +30,7 @@ Feature: reset the password
     When the user requests the password reset link using the webUI
     And the user follows the password reset link from email address "user1@example.org"
     Then the user should be redirected to a webUI page with the title "%productname%"
-    When the user resets the password to "%alt3%" using the webUI
+    When the user resets the password to "%alt3%" and confirms with the same password using the webUI
     Then the email address "user1@example.org" should have received an email with the body containing
       """
       Password changed successfully
@@ -43,7 +43,7 @@ Feature: reset the password
     When the user requests the password reset link using the webUI
     And the user follows the password reset link from email address "user1@example.org"
     Then the user should be redirected to a webUI page with the title "%productname%"
-    When the user resets the password to "%alt3%" using the webUI
+    When the user resets the password to "%alt3%" and confirms with the same password using the webUI
     Then the email address "user1@example.org" should have received an email with the body containing
       """
       Password changed successfully
@@ -69,3 +69,14 @@ Feature: reset the password
       """
       Could not reset password because the token does not match
       """
+
+  @skipOnEncryption
+  Scenario: When new password and confirmation password are different does not reset user password
+    When the user requests the password reset link using the webUI
+    And the user follows the password reset link from email address "user1@example.org"
+    Then the user should be redirected to a webUI page with the title "%productname%"
+    When the user resets the password to "%alt3%" and confirms with "foo" using the webUI
+    Then the user should see a password mismatch message displayed on the webUI
+    """
+    Passwords do not match
+    """