From bf870b361da28c21585768288b3d1e0c92ace851 Mon Sep 17 00:00:00 2001
From: Henning Gerhardt
Date: Tue, 10 Oct 2023 13:41:54 +0200
Subject: [PATCH 1/2] Do not change password if old password is wrong
---
 .../org/kitodo/production/forms/UserForm.java | 37 ++++++++++---------
 1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/Kitodo/src/main/java/org/kitodo/production/forms/UserForm.java b/Kitodo/src/main/java/org/kitodo/production/forms/UserForm.java
index be0cfed5041..66d79e6170d 100644
--- a/Kitodo/src/main/java/org/kitodo/production/forms/UserForm.java
+++ b/Kitodo/src/main/java/org/kitodo/production/forms/UserForm.java
@@ -648,27 +648,28 @@ public static boolean checkUserLoggedIn(User user) {
 public void changePasswordForCurrentUser() {
 if (isOldPasswordInvalid()) {
 Helper.setErrorMessage("passwordsDontMatchOld");
- }
- try {
- Set> passwordViolations = getPasswordViolations();
- if (passwordViolations.isEmpty()) {
- if (DynamicAuthenticationProvider.getInstance().isLdapAuthentication()
- && Objects.nonNull(userObject.getLdapGroup())) {
- ServiceManager.getLdapServerService().changeUserPassword(userObject, passwordToEncrypt);
- } else {
+ } else {
+ try {
+ Set> passwordViolations = getPasswordViolations();
+ if (passwordViolations.isEmpty()) {
+ if (DynamicAuthenticationProvider.getInstance().isLdapAuthentication()
+ && Objects.nonNull(userObject.getLdapGroup())) {
+ ServiceManager.getLdapServerService().changeUserPassword(userObject, passwordToEncrypt);
+ }
+ // NOTE: password has to be changed in database in any case because of a bug in LdapServerService
 userService.changeUserPassword(userObject, this.passwordToEncrypt);
+ Helper.setMessage("passwordChanged");
+ PrimeFaces.current().executeScript("PF('resetPasswordDialog').hide();");
+ } else {
+ for (ConstraintViolation passwordViolation : passwordViolations) {
+ Helper.setErrorMessage(passwordViolation.getMessage());
+ }
 }
- Helper.setMessage("passwordChanged");
- PrimeFaces.current().executeScript("PF('resetPasswordDialog').hide();");
- } else {
- for (ConstraintViolation passwordViolation : passwordViolations) {
- Helper.setErrorMessage(passwordViolation.getMessage());
- }
+ } catch (DAOException e) {
+ Helper.setErrorMessage(ERROR_SAVING, new Object[]{ObjectType.USER.getTranslationSingular()}, logger, e);
+ } catch (NoSuchAlgorithmException e) {
+ Helper.setErrorMessage("ldap error", logger, e);
 }
- } catch (DAOException e) {
- Helper.setErrorMessage(ERROR_SAVING, new Object[] {ObjectType.USER.getTranslationSingular() }, logger, e);
- } catch (NoSuchAlgorithmException e) {
- Helper.setErrorMessage("ldap error", logger, e);
 }
 }
From 1864e6a4bbcd06beec955e806178a7e4431ace7b Mon Sep 17 00:00:00 2001
From: Henning Gerhardt
Date: Tue, 10 Oct 2023 13:42:21 +0200
Subject: [PATCH 2/2] Adjust error message if old password is wrong
---
 Kitodo/src/main/resources/messages/errors_de.properties | 2 +-
 Kitodo/src/main/resources/messages/errors_en.properties | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/Kitodo/src/main/resources/messages/errors_de.properties b/Kitodo/src/main/resources/messages/errors_de.properties
index af932d30975..a46d24328c8 100644
--- a/Kitodo/src/main/resources/messages/errors_de.properties
+++ b/Kitodo/src/main/resources/messages/errors_de.properties
@@ -134,7 +134,7 @@ errorParsingName="Parsingfehler: Vorname nicht mit Komma vom Nachnamen getrennt
 errorProjectNoTitleGiven=Kein Titel angegeben. Ein Projekt kann nicht ohne Titel gespeichert werden.
 paginationFormatError=Der Paginierungsstartwert "{0}" ist nicht dem gew\u00E4hlten Paginierungstyp entsprechend formatiert.
 parameterMissing=Pflichtparameter {ID} nicht gefunden.
-passwordsDontMatchOld=Das eingegebene Passwort stimmt nicht mit dem alten Passwort \u00FCberein!
+passwordsDontMatchOld=Das alte Passwort ist nicht korrekt!
 processAssignedError=Diese Produktionsvorlage kann nicht gel\u00F6scht werden, da dieser Vorg\u00E4nge zugewiesen sind.
 processCreationErrorFieldIsEmpty={0} enth\u00E4lt keinen Wert.
 processCreationErrorNoCollection=keine Kollektion angegeben.
diff --git a/Kitodo/src/main/resources/messages/errors_en.properties b/Kitodo/src/main/resources/messages/errors_en.properties
index 22cb8d393b4..8d641c11b44 100644
--- a/Kitodo/src/main/resources/messages/errors_en.properties
+++ b/Kitodo/src/main/resources/messages/errors_en.properties
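Review bot: In the success branch of `changePasswordForCurrentUser()` the LDAP password is changed first and `userService.changeUserPassword(userObject, this.passwordToEncrypt)` now always runs afterwards, so a `DAOException` from the database write leaves the directory holding the new password while the user is shown ERROR_SAVING and the dialog stays open. The two credential stores can then disagree, and nothing in the catch block records that the LDAP half already succeeded. The change also means LDAP-backed accounts now get a password written to the local database, which is worth stating as deliberate rather than leaving to the one-line note. I would replace the note with something like `// NOTE: LDAP users are also written to the database as a workaround for <ISSUE-ID placeholder>; if this call throws, the LDAP password has already been changed` and log that partial state in the `DAOException` handler. Separately, the rejected-old-password branch only sets a UI message; a `logger.warn` naming the user (never the password) would give operators an audit trail for repeated failed attempts.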
@@ -134,6 +134,7 @@ errorParsingName="Error parsing: First name not separated by comma from last nam
 errorProjectNoTitleGiven=No project title was given. You cannot save a project without a title.
 paginationFormatError=The pagination start value "{0}" is malformed according to selected pagination type.
 parameterMissing=Mandatory parameter {ID} not found.
+passwordsDontMatchOld=The old password is not correct!
 processAssignedError=The template could not be deleted because there are already assigned processes.
 processCreationErrorFieldIsEmpty={0} contains no value.
 processCreationErrorNoCollection=no collection stated.