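/**
 * Checks that the stored password history is capped at the configured
 * 'lastUsedPasswordsLimit' and that re-submitting a password which is still
 * in that history is rejected.
 *
 * The annotation below applies to the whole method, so a ValidateException
 * raised anywhere in the body satisfies it.
 *
 * @expectedException Application\Exceptions\ValidateException
 */
public function testLastUsedPasswordsMaxReached()
{
    // User should be a service provider
    $user = clone $this->_user;
    $user->id = null;
    $user->setOrganizationId(self::PROVIDER_COMMERCIAL_ORG_ID);
    $user->save();

    // Update password N times, going past the history limit
    $limit = \app::config('lastUsedPasswordsLimit');
    $loops = $limit + 5;
    $lastPassword = null;
    $lastUsedPasswords = array();

    for ($i = 0; $i < $loops; $i++) {
        // Unique, deterministic suffix per iteration. A random suffix could
        // repeat a recent password, raise ValidateException inside the loop
        // and make the test pass without ever reaching the limit assertion.
        $lastPassword = '******' . (1000 + $i);
        $user = $this->_service->updatePassword($user, $lastPassword);
        $lastUsedPasswords = $this->_service->getLastUsedPasswords($user->id);
        $this->assertNotEmpty($lastUsedPasswords);
    }

    // Expected value first, so a failure message reports the right direction.
    $this->assertEquals($limit, count($lastUsedPasswords));

    // Re-using the most recent password must be refused; this is the call
    // the expected ValidateException is meant to come from.
    $this->_service->updatePassword($user, $lastPassword);
}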
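/**
 * Changes the password of the logged-in user.
 *
 * Accepts POST only, refuses to run while the session is impersonating
 * another organization, and requires both the new password and the current
 * one, which are passed to the user service's updatePassword().
 *
 * @throws ForbiddenException When the request is not a POST.
 * @throws \Application\Exceptions\ForbiddenException When impersonation is active.
 * @throws \Application\Exceptions\InvalidArgumentException When 'password' or
 *         'oldPassword' is missing or empty.
 */
public function changeMyPasswordAction()
{
    if (!$this->getRequest()->isPost()) {
        throw new ForbiddenException("changeMyPassword action must be a post request");
    }

    // A credential change must not be possible from an impersonated session.
    $sessionUser = $this->_getUser();
    if ($sessionUser->impersonatingOrgId) {
        throw new \Application\Exceptions\ForbiddenException("User update not allowed while impersonation.");
    }

    // NOTE(review): the impersonation check reads $this->_getUser() while the
    // update targets App::getUserLogged(); confirm both resolve to the same
    // account.
    $user = App::getUserLogged();

    $data = $this->_helper->requestData();

    // Read the fields defensively: a request that omits a key should produce
    // the InvalidArgumentException below, not an undefined-index notice.
    $passw = isset($data['password']) ? $data['password'] : null;
    $oldPassw = isset($data['oldPassword']) ? $data['oldPassword'] : null;

    if (!$passw) {
        throw new \Application\Exceptions\InvalidArgumentException("password param not given");
    }
    if (!$oldPassw) {
        throw new \Application\Exceptions\InvalidArgumentException("oldPassword param not given");
    }

    $result = $this->_userSrv->updatePassword($user, $passw, $oldPassw);

    // Blank the password on the returned object before it is handed to the
    // view, so the stored credential is not part of the response data.
    $result->setPassword(null);
    $this->view->data = $result;
}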