Require current password to change.
Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>account-personalization
parent
5b0f0121ac
commit
26c9dc2ab6
|
@ -100,7 +100,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
||||||
return { success: true, data: user };
|
return { success: true, data: user };
|
||||||
}
|
}
|
||||||
async function editUser({ requester_id, user_id, user_content }) {
|
async function editUser({ requester_id, user_id, user_content }) {
|
||||||
let user = await getUser({ user_id: user_id });
|
let user = await getUser({ user_id: user_id, include_password: true });
|
||||||
if (!user.success) return _r(false, "User not found");
|
if (!user.success) return _r(false, "User not found");
|
||||||
user = user.data;
|
user = user.data;
|
||||||
|
|
||||||
|
@ -117,7 +117,11 @@ async function editUser({ requester_id, user_id, user_content }) {
|
||||||
formatted[user_content.setting_name] = user_content.value;
|
formatted[user_content.setting_name] = user_content.value;
|
||||||
|
|
||||||
if (formatted.password) {
|
if (formatted.password) {
|
||||||
// TODO: Validate password
|
// Check if the current password matches the one on file
|
||||||
|
const password_match = await bcrypt.compare(user_content.original_password, user.password);
|
||||||
|
if (!password_match) return _r(false, "Incorrect password.");
|
||||||
|
|
||||||
|
// If password was correct, update the database
|
||||||
formatted.password = await bcrypt.hash(formatted.password, 10);
|
formatted.password = await bcrypt.hash(formatted.password, 10);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
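Review bot: The new `bcrypt.compare(user_content.original_password, user.password)` call in the second hunk runs on whatever the client sent, and a request that omits `original_password` or sends a non-string will likely make bcrypt reject rather than resolve to false, so the failure surfaces as an exception instead of the "Incorrect password." result. Guard it before the compare, e.g. `if (typeof user_content.original_password !== "string") return _r(false, "Incorrect password.");`. The removed `// TODO: Validate password` referred to validating the new password, which this change still does not do, so a TODO for that should stay. Because `user` now carries the stored hash (`include_password: true`), confirm that the rest of editUser, which continues outside both hunks, never returns or logs that object.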
@ -1,8 +1,9 @@
|
||||||
async function changeValue(setting_name, element) {
|
async function changeValue(setting_name, element, extra = {}) {
|
||||||
const form = {
|
const form = {
|
||||||
setting_name: setting_name,
|
setting_name: setting_name,
|
||||||
value: element.value,
|
value: element.value,
|
||||||
id: window.location.href.split("/")[4],
|
id: window.location.href.split("/")[4],
|
||||||
|
...extra,
|
||||||
};
|
};
|
||||||
const response = await request(`/api/web/user`, "PATCH", form);
|
const response = await request(`/api/web/user`, "PATCH", form);
|
||||||
|
|
||||||
|
@ -19,19 +20,26 @@ qs("#cp-cancel").addEventListener("click", () => change_password_dialog.close())
|
||||||
function changePasswordInputUpdate() {
|
function changePasswordInputUpdate() {
|
||||||
const status = qs("#change-password-dialog .status");
|
const status = qs("#change-password-dialog .status");
|
||||||
const current_password = qs("#cp-current");
|
const current_password = qs("#cp-current");
|
||||||
const new_password_1 = qs("#cp-new-1");
|
|
||||||
const new_password_2 = qs("#cp-new-2");
|
|
||||||
|
|
||||||
if (current_password.value === "") return (status.innerText = "Please enter your current password.");
|
if (current_password.value === "") return (status.innerText = "Please enter your current password.");
|
||||||
|
|
||||||
if (new_password_1.value !== new_password_2.value) return (status.innerText = "New password does not match.");
|
if (!_newPasswordEntriesMatch()) return (status.innerText = "New password does not match.");
|
||||||
|
|
||||||
return (status.innerHTML = " ");
|
return (status.innerHTML = " ");
|
||||||
}
|
}
|
||||||
|
|
||||||
function sendPasswordUpdate() {
|
function sendPasswordUpdate() {
|
||||||
|
if (!_newPasswordEntriesMatch()) return false;
|
||||||
|
|
||||||
|
const current_password = qs("#cp-current").value;
|
||||||
const new_password_1 = qs("#cp-new-1");
|
const new_password_1 = qs("#cp-new-1");
|
||||||
// Check fields match
|
|
||||||
// Send post update
|
changeValue("password", new_password_1, { original_password: current_password });
|
||||||
changeValue("password", new_password_1);
|
}
|
||||||
|
|
||||||
|
function _newPasswordEntriesMatch() {
|
||||||
|
const new_password_1 = qs("#cp-new-1");
|
||||||
|
const new_password_2 = qs("#cp-new-2");
|
||||||
|
|
||||||
|
return new_password_1.value === new_password_2.value;
|
||||||
}
|
}
|
||||||
|
|
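Review bot: In `changeValue`, `...extra` is spread after `setting_name`, `value` and `id`, so any key in `extra` with one of those names silently overrides the field the function was asked to change; moving `...extra,` to the first line of the object literal keeps the fixed keys authoritative. `sendPasswordUpdate` checks that the two new entries match but not that `#cp-current` is non-empty, so an empty current password is still submitted; `if (current_password === "") return false;` after reading the value would mirror the check in `changePasswordInputUpdate`. Both are client-side conveniences only, and the server-side comparison in editUser remains the actual control. changeValue's body continues outside the hunk, so whether the "Incorrect password." response is shown to the user cannot be confirmed from here.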