rm repo change password

seahub/api2/endpoints/repo_set_password.py

@@ -1,4 +1,6 @@
 # Copyright (c) 2012-2016 Seafile Ltd.
+import logging
+
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
@@ -13,6 +15,10 @@ from seahub.api2.authentication import TokenAuthentication
 from seahub.api2.throttling import UserRateThrottle
 from seahub.api2.utils import api_error
 
+from seahub.utils import is_org_context
+
+logger = logging.getLogger(__name__)
+
 class RepoSetPassword(APIView):
 
     authentication_classes = (TokenAuthentication, SessionAuthentication )
@@ -47,3 +53,52 @@ class RepoSetPassword(APIView):
             else:
                 error_msg = _(u'Decrypt library error')
                 return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+    def put(self, request, repo_id):
+        """ Change repo password.
+
+        Permission checking:
+        1. repo owner
+        """
+
+        # argument check
+        old_password = request.POST.get('old_password', None)
+        if not old_password:
+            error_msg = 'old_password invalid.'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        new_password = request.POST.get('new_password', None)
+        if not new_password:
+            error_msg = 'new_password invalid.'
+            return api_error(status.HTTP_400_BAD_REQUEST, error_msg)
+
+        # resource check
+        repo = seafile_api.get_repo(repo_id)
+        if not repo:
+            error_msg = 'Library %s not found.' % repo_id
+            return api_error(status.HTTP_404_NOT_FOUND, error_msg)
+
+        # permission check
+        if is_org_context(request):
+            repo_owner = seafile_api.get_org_repo_owner(repo.id)
+        else:
+            repo_owner = seafile_api.get_repo_owner(repo.id)
+
+        username = request.user.username
+        if username != repo_owner:
+            error_msg = 'Permission denied.'
+            return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+
+        # change password
+        try:
+            seafile_api.change_repo_passwd(repo_id, old_password, new_password, username)
+        except SearpcError as e:
+            if e.msg == 'Incorrect password':
+                error_msg = _(u'Wrong old password')
+                return api_error(status.HTTP_403_FORBIDDEN, error_msg)
+            else:
+                logger.error(e)
+                error_msg = 'Internal Server Error'
+                return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg)
+
+        return Response({'success': True})

seahub/urls.py

@@ -153,7 +153,6 @@ urlpatterns = patterns(
     url(r'^ajax/upload-file-done/$', upload_file_done, name='upload_file_done'),
     url(r'^ajax/get_popup_notices/$', get_popup_notices, name='get_popup_notices'),
     url(r'^ajax/space_and_traffic/$', space_and_traffic, name='space_and_traffic'),
-    url(r'^ajax/repo/(?P<repo_id>[-0-9a-f]{36})/setting/change-passwd/$', ajax_repo_change_passwd, name='ajax_repo_change_passwd'),
 
     url(r'^ajax/(?P<repo_id>[-0-9a-f]{36})/repo-dir/recycle/more/$', ajax_repo_dir_recycle_more, name='ajax_repo_dir_recycle_more'),
 

seahub/views/ajax.py

@@ -1237,43 +1237,6 @@ def _create_repo_common(request, repo_name, repo_desc, encryption,
 
     return repo_id
 
-@login_required_ajax
-def ajax_repo_change_passwd(request, repo_id):
-    """Handle ajax post request to change library password.
-    """
-    if request.method != 'POST':
-        raise Http404
-
-    content_type = 'application/json; charset=utf-8'
-    username = request.user.username
-
-    repo = seafile_api.get_repo(repo_id)
-    if not repo:
-        raise Http404
-
-    # check permission
-    if is_org_context(request):
-        repo_owner = seafile_api.get_org_repo_owner(repo.id)
-    else:
-        repo_owner = seafile_api.get_repo_owner(repo.id)
-    is_owner = True if username == repo_owner else False
-    if not is_owner:
-        return HttpResponse(json.dumps({
-                    'error': 'Permission denied'}),
-                    status=403, content_type=content_type)
-
-    old_passwd = request.POST.get('old_passwd', '')
-    new_passwd = request.POST.get('new_passwd', '')
-    try:
-        seafile_api.change_repo_passwd(repo_id, old_passwd, new_passwd, username)
-    except SearpcError, e:
-        return HttpResponse(json.dumps({
-                    'error': e.msg,
-                    }), status=400, content_type=content_type)
-
-    return HttpResponse(json.dumps({'success': True}),
-                        content_type=content_type)
-
 @login_required_ajax
 def ajax_group_members_import(request, group_id):
     """Import users to group.

static/scripts/app/views/dialogs/repo-change-password.js

@@ -72,16 +72,15 @@ define([
 
             $.ajax({
                 url: Common.getUrl({
-                    'name': 'repo_change_password',
+                    'name': 'api_v2.1_repo_set_password',
                     'repo_id': this.repo_id
                 }),
-                type: 'POST',
+                type: 'PUT',
                 dataType: 'json',
                 beforeSend: Common.prepareCSRFToken,
                 data: {
-                    'old_passwd': old_passwd,
-                    'new_passwd': new_passwd,
-                    'new_passwd_again': new_passwd_again
+                    'old_password': old_passwd,
+                    'new_password': new_passwd
                 },
                 success: function() {
                     $.modal.close();
@@ -90,7 +89,7 @@ define([
                 error: function(xhr) {
                     var err_msg;
                     if (xhr.responseText) {
-                        err_msg = $.parseJSON(xhr.responseText).error;
+                        err_msg = $.parseJSON(xhr.responseText).error_msg;
                     } else {
                         err_msg = gettext("Failed. Please check the network.");
                     }

static/scripts/common.js

@@ -116,7 +116,6 @@ define([
                 case 'repo_shared_upload_link': return siteRoot + 'api2/repos/' + options.repo_id + '/upload-shared-links/' + options.token + '/';
                 case 'repo_user_folder_perm': return siteRoot + 'api2/repos/' + options.repo_id + '/user-folder-perm/';
                 case 'repo_group_folder_perm': return siteRoot + 'api2/repos/' + options.repo_id + '/group-folder-perm/';
-                case 'repo_change_password': return siteRoot + 'ajax/repo/' + options.repo_id + '/setting/change-passwd/';
 
                 // Share admin
                 case 'share_admin_repos': return siteRoot + 'api/v2.1/shared-repos/';