Skip to content

Add current password field to self-service password change forms#741

Open
sushantpatil1214 wants to merge 1 commit into
masterfrom
password_change
Open

Add current password field to self-service password change forms#741
sushantpatil1214 wants to merge 1 commit into
masterfrom
password_change

Conversation

@sushantpatil1214

@sushantpatil1214 sushantpatil1214 commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator

Add current password field to self-service password change forms

Backend now requires and verifies the account's current password
before accepting a new one. Add the corresponding "Current Password"
input and validation to the Profile page and to the admin Users modal
(shown there only when an admin edits their own account).

Screenshot from 2026-07-15 11-13-44 Screenshot from 2026-07-15 11-14-37

Summary by CodeRabbit

  • New Features

    • Added current-password verification when changing a profile password.
    • Added current-password input and validation when editing the signed-in user through the user management modal.
    • Improved password forms with clearer new-password and confirmation fields.
  • Tests

    • Updated profile password-change coverage to include the current password.

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 536fb0cf-6247-4b23-8712-c1397f7878ff

📥 Commits

Reviewing files that changed from the base of the PR and between 13160e4 and 33e8ef8.

📒 Files selected for processing (5)
  • app/scripts/controllers/profile.js
  • app/scripts/controllers/usersmodal.js
  • app/views/profile.html
  • app/views/usersmodal.html
  • test/spec/controllers/profile.js

Walkthrough

Profile and user-modal password changes now collect a current password, validate it for applicable updates, and include it in API update payloads. The profile and modal templates expose conditional current-password fields, with the profile test updated accordingly.

Changes

Password change flow

Layer / File(s) Summary
Profile password update flow
app/scripts/controllers/profile.js, app/views/profile.html, test/spec/controllers/profile.js
Profile password validation and submission now include currentPassword; the form exposes current, new, and confirmation fields, and the update test supplies the current password.
User modal password update flow
app/scripts/controllers/usersmodal.js, app/views/usersmodal.html
The modal loads session identity, conditionally requires current password for self-updates, and sends it in update payloads.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant ProfileForm
  participant ProfileCtrl
  participant ApiUsers
  ProfileForm->>ProfileCtrl: submit current and new passwords
  ProfileCtrl->>ProfileCtrl: validate current password
  ProfileCtrl->>ApiUsers: update user credentials
Loading
sequenceDiagram
  participant UsersModal
  participant UsersModalCtrl
  participant LocalStorage
  participant ApiUsers
  UsersModalCtrl->>LocalStorage: read consoleSession
  UsersModal->>UsersModalCtrl: submit current and new passwords
  UsersModalCtrl->>UsersModalCtrl: validate self-update password
  UsersModalCtrl->>ApiUsers: update user credentials
Loading

Poem

A bunny found a password gate,
With current keys to validate.
New words bloom, confirmations align,
Controllers carry each required sign.
“Hop!” says the rabbit—the flow is fine.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: adding a current password field to self-service password change forms.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch password_change

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant