diff --git a/teraserver/python/modules/FlaskModule/API/user/UserLoginChangePassword.py b/teraserver/python/modules/FlaskModule/API/user/UserLoginChangePassword.py
index 78eb2463..c4b58e87 100644
--- a/teraserver/python/modules/FlaskModule/API/user/UserLoginChangePassword.py
+++ b/teraserver/python/modules/FlaskModule/API/user/UserLoginChangePassword.py
@@ -33,6 +33,9 @@ def post(self):
 if new_password != confirm_password:
 return gettext('New password and confirm password do not match'), 400
 
+ if not current_user.user_force_password_change:
+ return gettext('User not required to change password'), 400
+
 # Change password, will be encrypted
 # Will also reset force password change flag
 try:
@@ -43,7 +46,7 @@ def post(self):
 except UserNewPasswordSameAsOld:
 return gettext('New password same as old password'), 400
 
- return redirect(self._generate_login_url())
+ return 200
 except Exception as e:
 # Something went wrong, logout user
 self._user_logout()
diff --git a/teraserver/python/templates/login_change_password.html b/teraserver/python/templates/login_change_password.html
index 15fc1daf..787db778 100644
--- a/teraserver/python/templates/login_change_password.html
+++ b/teraserver/python/templates/login_change_password.html
@@ -68,7 +68,7 @@
 // Send the form data to the backend with a post request
 $.ajax({
 type: "POST",
- url: $(this).action,
+ url: 'api/user/login/change_password',
 data: form.serialize(),
 success: function(response) {
 $('#dlgRedirect').removeClass("d-none").addClass("d-flex");
@@ -77,7 +77,8 @@
 error: function(response) {
 if (response.status === 401)
 redirectToLogin();
- $('#error_message')[0].innerHTML = response.responseText;
+ $('#error_message')[0].innerHTML = response.responseText.substring(1, response.responseText.length-2);
+ //$('#error_message').text(response.responseJSON);
 $('#error_message').show();
 }
 });
@@ -104,7 +105,7 @@
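Review bot: The new `user_force_password_change` guard in the first hunk of UserLoginChangePassword.py is an authorization decision, but it has no comment and answers 400 like the field-validation failures above it. Nothing visible in the hunk asks for the current password, so if that holds for the rest of `post()` (which starts outside the hunk), this flag check is what keeps the endpoint from acting as a general password-reset path for any authenticated session. I would state that in a comment, e.g. `# Only accounts flagged for a forced change may use this endpoint; the old password is not verified here`. Consider returning 403 instead of 400, and running the check before the new/confirm comparison so unflagged callers get no field-level feedback.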
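Review bot: `return 200` in the second hunk of UserLoginChangePassword.py returns a bare integer, while every other exit of `post()` visible in this diff returns a `(body, status)` pair. In a Flask-RESTful/flask-restx style resource (presumed from the `post(self)` signature) a lone integer is treated as the response body, not the status code, and a plain Flask view would reject it outright. Make the status explicit with `return '', 200`. The enclosing `try`/`except` continues outside the hunk.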
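Review bot: The hard-coded `url: 'api/user/login/change_password'` in the first hunk of login_change_password.html is a relative path, so it resolves against whatever URL the page was served from. It will miss the endpoint if the template is ever rendered under a different path depth or prefix. Reading it from the form keeps a single source of truth: `url: form.attr('action'),`. This assumes the form carries an `action` attribute, which the removed `$(this).action` suggests but the hunk does not show. Otherwise render the URL into the template server-side.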
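Review bot: The error handler in the second hunk of login_change_password.html still assigns server response text to `innerHTML`, and the new `substring(1, response.responseText.length-2)` only strips the JSON quoting by position. That slice goes wrong when the body has no trailing newline or contains JSON escapes (`\"`, or `\uXXXX` in translated messages), and any markup in the response is parsed as HTML by the page. The commented-out line is the better form: use `$('#error_message').text(response.responseJSON);` and drop both the `innerHTML` assignment and the comment. The messages visible in the Python hunks are fixed gettext strings, but the `except Exception` path lies outside the diff, so treating the response text as untrusted is the safe default.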