refactor: migrated change password page to controller (#3257)

nginx.conf

@@ -129,7 +129,7 @@ server {
             rewrite admin/api/(.*)                                  /admin/api/index.php last;
 
             # Administration pages
-            rewrite admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|session-keep-alive|stopwords|system|update) /admin/front.php last;
+            rewrite admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|password|session-keep-alive|stopwords|system|update) /admin/front.php last;
 
             # REST API v3.0 and v3.1
             rewrite ^api/v3\.[01]/(.*)                              /api/index.php last;

phpmyfaq/.htaccess

@@ -143,7 +143,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization"
     # Administration API
     RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA]
     # Administration pages
-    RewriteRule ^admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|session-keep-alive|stopwords|system|update) admin/front.php [L,QSA]
+    RewriteRule ^admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|password|session-keep-alive|stopwords|system|update) admin/front.php [L,QSA]
     # Private APIs
     RewriteRule ^api/(autocomplete|bookmark/delete|bookmark/create|user/data/update|user/password/update|user/request-removal|user/remove-twofactor|contact|voting|register|captcha|share|comment/create|faq/create|question/create|webauthn/prepare|webauthn/register|webauthn/prepare-login|webauthn/login) api/index.php [L,QSA]
     # Setup APIs

phpmyfaq/admin/header.php

@@ -166,7 +166,6 @@
 switch ($action) {
     case 'user':
     case 'group':
-    case 'passwd':
     case 'cookies':
         $userPage = true;
         break;

phpmyfaq/admin/index.php

@@ -329,10 +329,6 @@
             case 'glossary':
                 require 'glossary.php';
                 break;
-            // functions for password administration
-            case 'passwd':
-                require 'password.change.php';
-                break;
             // functions for session administration
             case 'adminlog':
                 require 'statistics.admin-log.php';

phpmyfaq/assets/templates/admin/header.twig

@@ -76,7 +76,7 @@
       </a>
       <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="navbarDropdown">
         <li>
-          <a class="dropdown-item" href="index.php?action=passwd">{{ msgChangePassword }}</a>
+          <a class="dropdown-item" href="./password/change">{{ msgChangePassword }}</a>
         </li>
         <li><hr class="dropdown-divider"></li>
         <li>

phpmyfaq/assets/templates/admin/index.twig

@@ -76,7 +76,7 @@
         </a>
         <ul class="dropdown-menu dropdown-menu-end" aria-labelledby="navbarDropdown">
           <li>
-            <a class="dropdown-item" href="index.php?action=passwd">{{ msgChangePassword }}</a>
+            <a class="dropdown-item" href="./password/change">{{ msgChangePassword }}</a>
           </li>
           <li><hr class="dropdown-divider"></li>
           <li>

phpmyfaq/assets/templates/admin/user/password.twig

@@ -0,0 +1,88 @@
+{% extends '@admin/index.twig' %}
+
+{% block content %}
+  <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
+    <h1 class="h2">
+      <i aria-hidden="true" class="bi bi-lock"></i>
+      {{ adminHeaderPasswordChange }}
+    </h1>
+  </div>
+
+  {% if successMessage %}
+    <p class="alert alert-success alert-dismissible fade show">
+      {{ successMessage }}
+      <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+    </p>
+  {% endif %}
+  {% if errorMessage %}
+    <p class="alert alert-danger alert-dismissible fade show">
+      {{ errorMessage }}
+      <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+    </p>
+  {% endif %}
+
+  <div class="row mb-2">
+    <div class="col-6 offset-3">
+      <div class="card shadow mb-4">
+        <div class="card-header">
+          <h5 class="card-title">
+            {{ adminHeaderPasswordChange }}
+          </h5>
+        </div>
+        <div class="card-body">
+          <form action="./password/update" method="post" accept-charset="utf-8">
+            <input type="hidden" id="pmf-csrf-token" name="pmf-csrf-token" value="{{ csrfToken }}">
+
+            <div class="row mb-4">
+              <label class="form-label small" for="faqpassword_old">
+                {{ adminMsgOldPassword }}
+              </label>
+              <div>
+                <input type="password" autocomplete="off" name="faqpassword_old" id="faqpassword_old"
+                       class="form-control"
+                       required>
+              </div>
+            </div>
+
+            <div class="row mb-4">
+              <label class="form-label small" for="faqpassword">
+                {{ adminMsgNewPassword }}
+              </label>
+              <div class="input-group">
+                <input type="password" autocomplete="off" name="faqpassword" id="faqpassword" class="form-control"
+                       data-pmf-toggle="faqpassword_toggle" required>
+                <span class="input-group-text" id="faqpassword_toggle">
+                <i class="bi bi-eye-slash" id="faqpassword_toggle_icon"></i>
+              </span>
+              </div>
+              <div class="">
+                <div class="progress mt-2 w-100">
+                  <div class="progress-bar progress-bar-striped" id="strength"></div>
+                </div>
+              </div>
+            </div>
+
+            <div class="row mb-4">
+              <label class="form-label small" for="faqpassword_confirm">
+                {{ adminMsgNewPasswordConfirm }}
+              </label>
+              <div>
+                <input type="password" autocomplete="off" name="faqpassword_confirm" id="faqpassword_confirm"
+                       class="form-control" required>
+              </div>
+            </div>
+
+            <div class="row">
+              <div class="text-end">
+                <button class="btn btn-primary" type="submit">
+                  {{ adminMsgButtonNewPassword }}
+                </button>
+              </div>
+            </div>
+
+          </form>
+        </div>
+      </div>
+    </div>
+  </div>
+{% endblock %}

phpmyfaq/src/admin-routes.php

@@ -22,6 +22,7 @@
 use phpMyFAQ\Controller\Administration\ExportController;
 use phpMyFAQ\Controller\Administration\ImportController;
 use phpMyFAQ\Controller\Administration\InstanceController;
+use phpMyFAQ\Controller\Administration\PasswordChangeController;
 use phpMyFAQ\Controller\Administration\SessionKeepAliveController;
 use phpMyFAQ\Controller\Administration\StopWordsController;
 use phpMyFAQ\Controller\Administration\SystemInformationController;
@@ -106,6 +107,16 @@
         'path' => '/update',
         'controller' => [UpdateController::class, 'index'],
         'methods' => 'GET'
+    ],
+    'admin.password.change' => [
+        'path' => '/password/change',
+        'controller' => [PasswordChangeController::class, 'index'],
+        'methods' => 'GET'
+    ],
+    'admin.password.update' => [
+        'path' => '/password/update',
+        'controller' => [PasswordChangeController::class, 'update'],
+        'methods' => 'POST'
     ]
 ];
 

phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php

@@ -63,6 +63,13 @@ protected function getHeader(Request $request): array
                 'ad_menu_group_administration'
             );
         }
+        $secLevelEntries['user'] .= $adminHelper->addMenuEntry(
+            PermissionType::PASSWORD_CHANGE->value,
+            'password/change',
+            'ad_menu_passwd',
+            'password/change'
+        );
+
         $secLevelEntries['content'] = $adminHelper->addMenuEntry(
             'addcateg+editcateg+delcateg',
             'category-overview',
@@ -195,7 +202,6 @@ protected function getHeader(Request $request): array
         switch ($action) {
             case 'user':
             case 'group':
-            case 'passwd':
             case 'cookies':
                 $userPage = true;
                 break;
@@ -247,6 +253,10 @@ protected function getHeader(Request $request): array
         }
 
         switch ($request->attributes->get('_route')) {
+            case 'admin.password.change':
+            case 'admin.password.update':
+                $userPage = true;
+                break;
             case 'admin.attachments':
                 $contentPage = true;
                 break;

phpmyfaq/src/phpMyFAQ/Controller/Administration/InstanceController.php

@@ -91,6 +91,7 @@ public function edit(Request $request): Response
      * @throws Exception
      * @throws \Exception
      */
+    #[Route('/instance/update', name: 'admin.instance.update', methods: ['POST'])]
     public function update(Request $request): Response
     {
         $this->userHasPermission(PermissionType::INSTANCE_EDIT);
@@ -146,10 +147,10 @@ public function update(Request $request): Response
     }
 
     /**
+     * @return array<string, string>
+     * @throws \Exception
      * @throws LoaderError
      * @throws Exception
-     * @throws \Exception
-     * @return string[]
      */
     private function getBaseTemplateVars(): array
     {