diff --git a/backend/core/core.js b/backend/core/core.js
index 7ba3f72..9c37f49 100644
--- a/backend/core/core.js
+++ b/backend/core/core.js
@@ -100,7 +100,7 @@ async function getUser({ user_id, username, include_password = false }) {
 return { success: true, data: user };
 }
 async function editUser({ requester_id, user_id, user_content }) {
- let user = await getUser({ user_id: user_id });
+ let user = await getUser({ user_id: user_id, include_password: true });
 if (!user.success) return _r(false, "User not found");
 user = user.data;
@@ -117,7 +117,11 @@ async function editUser({ requester_id, user_id, user_content }) {
 formatted[user_content.setting_name] = user_content.value;
 if (formatted.password) {
- // TODO: Validate password
+ // Check if the current password matches the one on file
+ const password_match = await bcrypt.compare(user_content.original_password, user.password);
+ if (!password_match) return _r(false, "Incorrect password.");
+
+ // If password was correct, update the database
 formatted.password = await bcrypt.hash(formatted.password, 10);
 }
diff --git a/frontend/views/themes/default/js/editAuthor.js b/frontend/views/themes/default/js/editAuthor.js
index 6f59d74..9b060c9 100644
--- a/frontend/views/themes/default/js/editAuthor.js
+++ b/frontend/views/themes/default/js/editAuthor.js
@@ -1,8 +1,9 @@
-async function changeValue(setting_name, element) {
+async function changeValue(setting_name, element, extra = {}) {
 const form = {
 setting_name: setting_name,
 value: element.value,
 id: window.location.href.split("/")[4],
+ ...extra,
 };
 const response = await request(`/api/web/user`, "PATCH", form);
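Review bot: With `include_password: true` on the changed line, the `user` object that editUser keeps for the rest of its body now carries the stored password hash, and that body continues outside the hunk; confirm that the later return path and any logging do not hand `user` back to the caller as-is. A comment on the changed line would make the reason and the obligation explicit: `// hash is needed for the bcrypt.compare below; never return this object unfiltered`.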
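Review bot: `bcrypt.compare` on the added line receives `user_content.original_password` unchecked; when a client omits the field or sends a non-string, the common bcrypt packages reject with an argument error rather than resolving false, so the request fails with an unhandled rejection instead of the clean `Incorrect password.` response, and the same presumably applies if `user.password` is empty for the account. Guard before comparing: `if (typeof user_content.original_password !== "string" || !user.password) return _r(false, "Incorrect password.");`. The removed `// TODO: Validate password` was also the only reminder to check the new password itself — the commit verifies the current one but applies no type or length check to `formatted.password` before hashing, and bcrypt silently ignores input beyond 72 bytes. editUser starts and ends outside this hunk.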
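Review bot: `...extra` is spread after the fixed keys of `form`, so a caller that passes `setting_name`, `value` or `id` inside `extra` silently overrides them; spreading first, `const form = { ...extra, setting_name, value: element.value, id: window.location.href.split("/")[4] };`, keeps the fixed fields authoritative while still allowing the extra payload. A JSDoc line on the new parameter, `@param {object} [extra] - additional fields merged into the PATCH body (e.g. original_password)`, would document the contract. The rest of changeValue continues outside the hunk.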
@@ -19,19 +20,26 @@ qs("#cp-cancel").addEventListener("click", () => change_password_dialog.close())
 function changePasswordInputUpdate() {
 const status = qs("#change-password-dialog .status");
 const current_password = qs("#cp-current");
- const new_password_1 = qs("#cp-new-1");
- const new_password_2 = qs("#cp-new-2");
 if (current_password.value === "") return (status.innerText = "Please enter your current password.");
- if (new_password_1.value !== new_password_2.value) return (status.innerText = "New password does not match.");
+ if (!_newPasswordEntriesMatch()) return (status.innerText = "New password does not match.");
 return (status.innerHTML = " ");
 }
 function sendPasswordUpdate() {
+ if (!_newPasswordEntriesMatch()) return false;
+
+ const current_password = qs("#cp-current").value;
 const new_password_1 = qs("#cp-new-1");
- // Check fields match
- // Send post update
- changeValue("password", new_password_1);
+
+ changeValue("password", new_password_1, { original_password: current_password });
+}
+
+function _newPasswordEntriesMatch() {
+ const new_password_1 = qs("#cp-new-1");
+ const new_password_2 = qs("#cp-new-2");
+
+ return new_password_1.value === new_password_2.value;
 }
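Review bot: sendPasswordUpdate does not repeat the empty-current-password check that changePasswordInputUpdate performs, so submitting with `#cp-current` blank still sends `original_password: ""` to the server, and the `changeValue` promise on the added line is dropped rather than returned, so the caller cannot react to the server's `Incorrect password.` reply. Suggested: move the guard below the declaration as `if (current_password === "" || !_newPasswordEntriesMatch()) return false;` and make the call `return changeValue("password", new_password_1, { original_password: current_password });`. As written the mismatch branch returns `false` while the success path returns `undefined`; returning the promise gives the function a consistent result.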