decidim
Ask for old password when changing password
Describe the bug
On the change password account section, we don't ask for the old password. This means that anyone with access to this account could change the password without the consent (or knowledge) of the user.
To Reproduce
Steps to reproduce the behavior:
- Sign in as a participant
- Go to "My account" http://localhost:3000/account
- Click on "Change password"
Expected behavior
We should ask for the old password as other apps already do (aka "Old password" or "Current password")
Screenshots
Extra data (please complete the following information):
- Decidim Version: v0.28.0.dev
Additional context
See https://meta.decidim.org/processes/roadmap/f/122/proposals/17111
Hi, can I take this one? :)
Hi @matisnape, sure. Let me know if you need any help with this one.
Just to let you know, I'm still planning to work on this - dealing with setup now, documentation is a bit confusing :)
Hi :) I would like to give it a shot. Can you assign me, please? Thanks!
We should also ask for the old password in case the user is trying to change their account email.
Hi, I agree with ahukkanen, and send a confirmation or warning email to the user to update their details (name, nickname, email address or password)
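The gating described in the issue and in the two comments above (require the current password before a password change, and also before an email change) can be sketched as a form object. The following is an added example, not Decidim's own code: `Account`, `AccountUpdateForm` and their methods are hypothetical, and the account is a constructed in-memory stand-in that uses the Ruby stdlib's PBKDF2-HMAC-SHA256 in place of Decidim's Devise digests so that it runs without gems. Name changes are left ungated here; whether they should also require the current password is a design choice the thread leaves open.

```ruby
require "openssl"
require "securerandom"

# Constructed stand-in for a participant account (Decidim keeps Devise password
# digests; this toy uses stdlib PBKDF2-HMAC-SHA256 so it runs without gems).
class Account
  ITERATIONS = 20_000
  attr_accessor :name
  attr_reader :email

  def initialize(email:, name:, password:)
    @email = email
    @name = name
    self.password = password
  end

  # Constant-time check of a candidate password against the stored digest.
  def authenticate(candidate)
    secure_equal?(derive(candidate, @salt), @digest)
  end

  # Re-salts on every change so old and new digests are unrelated.
  def password=(new_password)
    @salt = SecureRandom.random_bytes(16)
    @digest = derive(new_password, @salt)
  end

  def email=(new_email)
    @email = new_email
  end

  private

  def derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password.to_s, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Hypothetical form object for the "My account" page: a password or email change
# is applied only when the submitted current password verifies. Name changes are
# not gated in this example.
class AccountUpdateForm
  MIN_PASSWORD_LENGTH = 10
  attr_reader :errors

  def initialize(account, params)
    @account = account
    @params = params
    @errors = []
  end

  def password_change?
    !@params[:password].to_s.empty?
  end

  def email_change?
    !@params[:email].nil? && @params[:email] != @account.email
  end

  def valid?
    @errors = []
    if password_change? || email_change?
      # An absent field is verified as "" rather than skipped, so the check
      # cannot be bypassed by omitting the parameter.
      @errors << :invalid_current_password unless @account.authenticate(@params[:current_password].to_s)
    end
    if password_change?
      @errors << :password_too_short if @params[:password].length < MIN_PASSWORD_LENGTH
      @errors << :password_confirmation_mismatch if @params[:password] != @params[:password_confirmation]
    end
    @errors.empty?
  end

  # Applies the changes and returns true, or returns false with errors populated.
  def save
    return false unless valid?
    @account.password = @params[:password] if password_change?
    @account.email = @params[:email] if email_change?
    @account.name = @params[:name] if @params.key?(:name)
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  acct = Account.new(email: "p@example.org", name: "Pat", password: "original-passphrase")
  form = AccountUpdateForm.new(acct, { password: "new-passphrase-1", password_confirmation: "new-passphrase-1" })
  puts "without current password: saved=#{form.save} errors=#{form.errors.inspect}"
  form = AccountUpdateForm.new(acct, { current_password: "original-passphrase",
                                       password: "new-passphrase-1", password_confirmation: "new-passphrase-1" })
  puts "with current password: saved=#{form.save} errors=#{form.errors.inspect}"
end
```

The point the verification makes is that the old password is checked with `authenticate` before any sensitive attribute is written, so a session that was left open or hijacked cannot silently rotate the password or redirect the email; the confirmation or warning email suggested in the thread would be sent after a successful `save`.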
@andreslucena Is this currently assigned to anyone?
We can allocate our team resources to fix this problem if no one else is working on it right now.
> @andreslucena Is this currently assigned to anyone?

No, at the moment no.

> We can allocate our team resources to fix this problem if no one else is working on it right now.

Great! I'll assign it to you even though I understand that you will not create the PR but your team. Thanks for the help on this long standing issue!