diff --git a/controllers/user.go b/controllers/user.go index 70f57859..74524e08 100644 --- a/controllers/user.go +++ b/controllers/user.go @@ -551,6 +551,12 @@ func (c *ApiController) SetPassword() { return } + // Check if the new password is the same as the current password + if !object.CheckPasswordNotSameAsCurrent(targetUser, newPassword, organization) { + c.ResponseError(c.T("user:The new password must be different from your current password")) + return + } + application, err := object.GetApplicationByUser(targetUser) if err != nil { c.ResponseError(err.Error()) diff --git a/i18n/locales/ar/data.json b/i18n/locales/ar/data.json index 2dd73b09..9fb799aa 100644 --- a/i18n/locales/ar/data.json +++ b/i18n/locales/ar/data.json @@ -167,6 +167,7 @@ "MFA email is enabled but email is empty": "تم تمكين MFA للبريد الإلكتروني لكن البريد الإلكتروني فارغ", "MFA phone is enabled but phone number is empty": "تم تمكين MFA للهاتف لكن رقم الهاتف فارغ", "New password cannot contain blank space.": "كلمة المرور الجديدة لا يمكن أن تحتوي على مسافات.", + "The new password must be different from your current password": "The new password must be different from your current password", "the user's owner and name should not be empty": "مالك المستخدم واسمه لا يجب أن يكونا فارغين" }, "util": { diff --git a/i18n/locales/az/data.json b/i18n/locales/az/data.json index 0e745da3..6b7afdcc 100644 --- a/i18n/locales/az/data.json +++ b/i18n/locales/az/data.json @@ -167,6 +167,7 @@ "MFA email is enabled but email is empty": "MFA email aktiv edilib, lakin email boşdur", "MFA phone is enabled but phone number is empty": "MFA telefon aktiv edilib, lakin telefon nömrəsi boşdur", "New password cannot contain blank space.": "Yeni şifrə boş yer ehtiva edə bilməz.", + "The new password must be different from your current password": "The new password must be different from your current password", "the user's owner and name should not be empty": "istifadəçinin sahibi və adı boş olmamalıdır" }, "util": { 
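Review bot: In controllers/user.go the added branch makes `SetPassword` answer whether a submitted string equals the target user's current password, so it matters which callers reach this line without first proving the old password. The earlier checks are outside the hunk (the function starts and ends beyond it); if an administrator or a code-based reset can arrive here without the old password, the distinct error confirms a guess about another account's current password. In that case the check should be limited to the self-service path or counted against the same attempt limit as a failed login. A one-line comment above the call stating the assumption, e.g. `// old password or verification code has already been accepted at this point`, would make it reviewable.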
diff --git a/i18n/locales/cs/data.json b/i18n/locales/cs/data.json
index 03651498..9c81d1d3 100644
--- a/i18n/locales/cs/data.json
+++ b/i18n/locales/cs/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA e-mail je povolen, ale e-mail je prázdný",
 "MFA phone is enabled but phone number is empty": "MFA telefon je povolen, ale telefonní číslo je prázdné",
 "New password cannot contain blank space.": "Nové heslo nemůže obsahovat prázdné místo.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "vlastník a jméno uživatele by neměly být prázdné"
 },
 "util": {
diff --git a/i18n/locales/de/data.json b/i18n/locales/de/data.json
index 86fd3639..9ef08065 100644
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA-E-Mail ist aktiviert, aber E-Mail ist leer",
 "MFA phone is enabled but phone number is empty": "MFA-Telefon ist aktiviert, aber Telefonnummer ist leer",
 "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "Eigentümer und Name des Benutzers dürfen nicht leer sein"
 },
 "util": {
diff --git a/i18n/locales/en/data.json b/i18n/locales/en/data.json
index 9d0e3e72..bdae14ec 100644
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA email is enabled but email is empty",
 "MFA phone is enabled but phone number is empty": "MFA phone is enabled but phone number is empty",
 "New password cannot contain blank space.": "New password cannot contain blank space.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "the user's owner and name should not be empty"
 },
 "util": {
diff --git a/i18n/locales/es/data.json b/i18n/locales/es/data.json
index 63a4ab7c..9b961ef5 100644
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "El correo electrónico MFA está habilitado pero el correo está vacío",
 "MFA phone is enabled but phone number is empty": "El teléfono MFA está habilitado pero el número de teléfono está vacío",
 "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "el propietario y el nombre del usuario no deben estar vacíos"
 },
 "util": {
diff --git a/i18n/locales/fa/data.json b/i18n/locales/fa/data.json
index fcebe56d..ddf27877 100644
--- a/i18n/locales/fa/data.json
+++ b/i18n/locales/fa/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "ایمیل MFA فعال است اما ایمیل خالی است",
 "MFA phone is enabled but phone number is empty": "تلفن MFA فعال است اما شماره تلفن خالی است",
 "New password cannot contain blank space.": "رمز عبور جدید نمی‌تواند حاوی فاصله خالی باشد.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "مالک و نام کاربر نباید خالی باشند"
 },
 "util": {
diff --git a/i18n/locales/fi/data.json b/i18n/locales/fi/data.json
index ccdf801d..734d5c2b 100644
--- a/i18n/locales/fi/data.json
+++ b/i18n/locales/fi/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA-sähköposti on käytössä, mutta sähköposti on tyhjä",
 "MFA phone is enabled but phone number is empty": "MFA-puhelin on käytössä, mutta puhelinnumero on tyhjä",
 "New password cannot contain blank space.": "Uusi salasana ei voi sisältää välilyöntejä.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "käyttäjän omistaja ja nimi eivät saa olla tyhjiä"
 },
 "util": {
diff --git a/i18n/locales/fr/data.json b/i18n/locales/fr/data.json
index fc7a398e..6fda88d4 100644
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "L'authentification MFA par e-mail est activée mais l'e-mail est vide",
 "MFA phone is enabled but phone number is empty": "L'authentification MFA par téléphone est activée mais le numéro de téléphone est vide",
 "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "le propriétaire et le nom de l'utilisateur ne doivent pas être vides"
 },
 "util": {
diff --git a/i18n/locales/he/data.json b/i18n/locales/he/data.json
index 315ee9d3..ec8dede7 100644
--- a/i18n/locales/he/data.json
+++ b/i18n/locales/he/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA דוא\"ל מופעל אך הדוא\"ל ריק",
 "MFA phone is enabled but phone number is empty": "MFA טלפון מופעל אך מספר הטלפון ריק",
 "New password cannot contain blank space.": "הסיסמה החדשה אינה יכולה להכיל רווחים.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "הבעלים והשם של המשתמש אינם יכולים להיות ריקים"
 },
 "util": {
diff --git a/i18n/locales/id/data.json b/i18n/locales/id/data.json
index d1fa3950..d82ee03d 100644
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "Email MFA diaktifkan tetapi email kosong",
 "MFA phone is enabled but phone number is empty": "Telepon MFA diaktifkan tetapi nomor telepon kosong",
 "New password cannot contain blank space.": "Sandi baru tidak boleh mengandung spasi kosong.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "pemilik dan nama pengguna tidak boleh kosong"
 },
 "util": {
diff --git a/i18n/locales/it/data.json b/i18n/locales/it/data.json
index 222be852..2003e684 100644
--- a/i18n/locales/it/data.json
+++ b/i18n/locales/it/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "L'email MFA è abilitata ma l'email è vuota",
 "MFA phone is enabled but phone number is empty": "Il telefono MFA è abilitato ma il numero di telefono è vuoto",
 "New password cannot contain blank space.": "Nuova password non può contenere spazi",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "il proprietario e il nome dell'utente non devono essere vuoti"
 },
 "util": {
diff --git a/i18n/locales/ja/data.json b/i18n/locales/ja/data.json
index 65067edc..9a8dba88 100644
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA メールが有効になっていますが、メールアドレスが空です",
 "MFA phone is enabled but phone number is empty": "MFA 電話番号が有効になっていますが、電話番号が空です",
 "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "ユーザーのオーナーと名前は空にできません"
 },
 "util": {
diff --git a/i18n/locales/kk/data.json b/i18n/locales/kk/data.json
index b1141301..b1a34a21 100644
--- a/i18n/locales/kk/data.json
+++ b/i18n/locales/kk/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA-e-mail is ingeschakeld maar e-mailadres is leeg",
 "MFA phone is enabled but phone number is empty": "MFA-telefoon is ingeschakeld maar telefoonnummer is leeg",
 "New password cannot contain blank space.": "Nieuw wachtwoord mag geen spaties bevatten.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "eigenaar en naam van gebruiker mogen niet leeg zijn"
 },
 "util": {
diff --git a/i18n/locales/ko/data.json b/i18n/locales/ko/data.json
index f07de073..9bbb416f 100644
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA 이메일이 활성화되었지만 이메일이 비어 있습니다",
 "MFA phone is enabled but phone number is empty": "MFA 전화번호가 활성화되었지만 전화번호가 비어 있습니다",
 "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "사용자의 소유자와 이름은 비워둘 수 없습니다"
 },
 "util": {
diff --git a/i18n/locales/ms/data.json b/i18n/locales/ms/data.json
index 467b9db5..17c45b5f 100644
--- a/i18n/locales/ms/data.json
+++ b/i18n/locales/ms/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA emel dibenarkan tetapi emel kosong",
 "MFA phone is enabled but phone number is empty": "MFA telefon dibenarkan tetapi nombor telefon kosong",
 "New password cannot contain blank space.": "Kata laluan baharu tidak boleh ada ruang kosong.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "pemilik dan nama pengguna tidak boleh kosong"
 },
 "util": {
diff --git a/i18n/locales/nl/data.json b/i18n/locales/nl/data.json
index feb4bc14..88e95593 100644
--- a/i18n/locales/nl/data.json
+++ b/i18n/locales/nl/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA-e-mail ingeschakeld maar e-mailadres leeg",
 "MFA phone is enabled but phone number is empty": "MFA-telefoon ingeschakeld maar nummer leeg",
 "New password cannot contain blank space.": "Nieuw wachtwoord mag geen spaties bevatten",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "Eigenaar en naam van gebruiker mogen niet leeg zijn"
 },
 "util": {
diff --git a/i18n/locales/pl/data.json b/i18n/locales/pl/data.json
index 49217979..69bfc6ed 100644
--- a/i18n/locales/pl/data.json
+++ b/i18n/locales/pl/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA email jest włączone, ale email jest pusty",
 "MFA phone is enabled but phone number is empty": "MFA telefon jest włączony, ale numer telefonu jest pusty",
 "New password cannot contain blank space.": "Nowe hasło nie może zawierać spacji.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "właściciel i nazwa użytkownika nie powinny być puste"
 },
 "util": {
diff --git a/i18n/locales/pt/data.json b/i18n/locales/pt/data.json
index 1a02c800..34357ecd 100644
--- a/i18n/locales/pt/data.json
+++ b/i18n/locales/pt/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA por e-mail está ativado, mas o e-mail está vazio",
 "MFA phone is enabled but phone number is empty": "MFA por telefone está ativado, mas o número de telefone está vazio",
 "New password cannot contain blank space.": "A nova senha não pode conter espaço em branco.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "o proprietário e o nome do usuário não devem estar vazios"
 },
 "util": {
diff --git a/i18n/locales/ru/data.json b/i18n/locales/ru/data.json
index e33efc7e..49fbb121 100644
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA по электронной почте включен, но электронная почта не указана",
 "MFA phone is enabled but phone number is empty": "MFA по телефону включен, но номер телефона не указан",
 "New password cannot contain blank space.": "Новый пароль не может содержать пробелы.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "владелец и имя пользователя не должны быть пустыми"
 },
 "util": {
diff --git a/i18n/locales/sk/data.json b/i18n/locales/sk/data.json
index ab43f7bb..c23a5d56 100644
--- a/i18n/locales/sk/data.json
+++ b/i18n/locales/sk/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA e-mail je zapnutý, ale e-mail je prázdny",
 "MFA phone is enabled but phone number is empty": "MFA telefón je zapnutý, ale telefónne číslo je prázdne",
 "New password cannot contain blank space.": "Nové heslo nemôže obsahovať medzery.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "vlastník a meno používateľa nesmú byť prázdne"
 },
 "util": {
diff --git a/i18n/locales/sv/data.json b/i18n/locales/sv/data.json
index c433aa21..2be215b9 100644
--- a/i18n/locales/sv/data.json
+++ b/i18n/locales/sv/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA-e-post är aktiverat men e-post är tom",
 "MFA phone is enabled but phone number is empty": "MFA-telefon är aktiverat men telefonnummer är tomt",
 "New password cannot contain blank space.": "Nytt lösenord får inte innehålla mellanslag.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "användarens ägare och namn får inte vara tomma"
 },
 "util": {
diff --git a/i18n/locales/tr/data.json b/i18n/locales/tr/data.json
index ceb9ef1d..6e499c29 100644
--- a/i18n/locales/tr/data.json
+++ b/i18n/locales/tr/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA e-postası etkin ancak e-posta boş",
 "MFA phone is enabled but phone number is empty": "MFA telefonu etkin ancak telefon numarası boş",
 "New password cannot contain blank space.": "Yeni şifre boşluk içeremez.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "kullanıcının sahibi ve adı boş olmamalıdır"
 },
 "util": {
diff --git a/i18n/locales/uk/data.json b/i18n/locales/uk/data.json
index 6490c8fb..4c8d2ea8 100644
--- a/i18n/locales/uk/data.json
+++ b/i18n/locales/uk/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA email увімкнено, але email порожній",
 "MFA phone is enabled but phone number is empty": "MFA телефон увімкнено, але номер телефону порожній",
 "New password cannot contain blank space.": "Новий пароль не може містити пробіли.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "власник ім’я користувача не повинні бути порожніми"
 },
 "util": {
diff --git a/i18n/locales/vi/data.json b/i18n/locales/vi/data.json
index 967dff40..d2d2b6fc 100644
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA email đã bật nhưng email trống",
 "MFA phone is enabled but phone number is empty": "MFA điện thoại đã bật nhưng số điện thoại trống",
 "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng.",
+ "The new password must be different from your current password": "The new password must be different from your current password",
 "the user's owner and name should not be empty": "chủ sở hữu và tên người dùng không được để trống"
 },
 "util": {
diff --git a/i18n/locales/zh/data.json b/i18n/locales/zh/data.json
index 197fc98b..1985be9f 100644
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@@ -167,6 +167,7 @@
 "MFA email is enabled but email is empty": "MFA 电子邮件已启用,但电子邮件为空",
 "MFA phone is enabled but phone number is empty": "MFA 电话已启用,但电话号码为空",
 "New password cannot contain blank space.": "新密码不可以包含空格",
+ "The new password must be different from your current password": "新密码必须与您当前的密码不同",
 "the user's owner and name should not be empty": "用户的组织和名称不能为空"
 },
 "util": {
diff --git a/object/check_password_complexity.go b/object/check_password_complexity.go index 87c86bec..1838a1fb 100644 --- a/object/check_password_complexity.go +++ b/object/check_password_complexity.go @@ -16,6 +16,8 @@ package object import ( "regexp" + + "github.com/casdoor/casdoor/cred" ) type ValidatorFunc func(password string) string @@ -96,3 +98,26 @@ func checkPasswordComplexity(password string, options []string) string { } return "" } + +// CheckPasswordNotSameAsCurrent checks if the new password is different from the current password +func CheckPasswordNotSameAsCurrent(user *User, newPassword string, organization *Organization) bool { + if user.Password == "" { + // User doesn't have a password set (e.g., OAuth-only users), allow any password + return true + } + + credManager := cred.GetCredManager(organization.PasswordType) + if credManager == nil { + // If no credential manager is available, we can't compare passwords + return true + } + + // Check if the new password is the same as the current password + // Try with both organization salt and user salt (like CheckPassword function does) + if credManager.IsPasswordCorrect(newPassword, user.Password, organization.PasswordSalt) || + credManager.IsPasswordCorrect(newPassword, user.Password, user.PasswordSalt) { + return false + } + + return true +}
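Review bot: In object/check_password_complexity.go, `CheckPasswordNotSameAsCurrent` reads `user.Password` and `organization.PasswordType` with no nil check, so a nil user or organization panics the request; unless every caller guarantees both, start with `if user == nil || organization == nil { return true }`, matching the other branches that skip the check. Those skip branches (empty stored password, no credential manager) make the rule best-effort, and the doc comment should say so and state the return polarity: `// It returns true when the new password differs or when no comparison is possible, false when it matches the stored password.` The credential manager is chosen from the organization's password type alone; if stored hashes can predate a change of that setting (not visible in this hunk), the comparison would silently stop matching for those users.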