Require current password to change.

Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>
account-personalization
Armored Dragon 2024-05-27 22:25:01 -05:00
parent 5b0f0121ac
commit 26c9dc2ab6
Signed by: ArmoredDragon
GPG Key ID: C7207ACC3382AD8B
2 changed files with 21 additions and 9 deletions


@ -100,7 +100,7 @@ async function getUser({ user_id, username, include_password = false }) {
return { success: true, data: user }; return { success: true, data: user };
} }
async function editUser({ requester_id, user_id, user_content }) { async function editUser({ requester_id, user_id, user_content }) {
let user = await getUser({ user_id: user_id }); let user = await getUser({ user_id: user_id, include_password: true });
if (!user.success) return _r(false, "User not found"); if (!user.success) return _r(false, "User not found");
user = user.data; user = user.data;
@ -117,7 +117,11 @@ async function editUser({ requester_id, user_id, user_content }) {
formatted[user_content.setting_name] = user_content.value; formatted[user_content.setting_name] = user_content.value;
if (formatted.password) { if (formatted.password) {
// TODO: Validate password // Check if the current password matches the one on file
const password_match = await bcrypt.compare(user_content.original_password, user.password);
if (!password_match) return _r(false, "Incorrect password.");
// If password was correct, update the database
formatted.password = await bcrypt.hash(formatted.password, 10); formatted.password = await bcrypt.hash(formatted.password, 10);
} }
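Review bot: `bcrypt.compare(user_content.original_password, user.password)` on the new side of the second hunk is reached with whatever the client supplied, and nothing in the hunk requires `original_password` to be present, so a missing or non-string value makes the compare reject (bcrypt does not accept a non-string first argument) instead of resolving false, turning a malformed request into an unhandled rejection rather than the intended `_r(false, "Incorrect password.")`. A guard before the compare closes that gap: `if (typeof user_content.original_password !== "string") return _r(false, "Incorrect password.");`. Because `getUser` is now called with `include_password: true`, `user` carries the stored hash for the rest of editUser; please confirm it is not echoed back in any response or log from this function, since that part of the body is outside the hunk. editUser starts before and continues after this hunk.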


@ -1,8 +1,9 @@
async function changeValue(setting_name, element) { async function changeValue(setting_name, element, extra = {}) {
const form = { const form = {
setting_name: setting_name, setting_name: setting_name,
value: element.value, value: element.value,
id: window.location.href.split("/")[4], id: window.location.href.split("/")[4],
...extra,
}; };
const response = await request(`/api/web/user`, "PATCH", form); const response = await request(`/api/web/user`, "PATCH", form);
@ -19,19 +20,26 @@ qs("#cp-cancel").addEventListener("click", () => change_password_dialog.close())
function changePasswordInputUpdate() { function changePasswordInputUpdate() {
const status = qs("#change-password-dialog .status"); const status = qs("#change-password-dialog .status");
const current_password = qs("#cp-current"); const current_password = qs("#cp-current");
const new_password_1 = qs("#cp-new-1");
const new_password_2 = qs("#cp-new-2");
if (current_password.value === "") return (status.innerText = "Please enter your current password."); if (current_password.value === "") return (status.innerText = "Please enter your current password.");
if (new_password_1.value !== new_password_2.value) return (status.innerText = "New password does not match."); if (!_newPasswordEntriesMatch()) return (status.innerText = "New password does not match.");
return (status.innerHTML = "&nbsp;"); return (status.innerHTML = "&nbsp;");
} }
function sendPasswordUpdate() { function sendPasswordUpdate() {
if (!_newPasswordEntriesMatch()) return false;
const current_password = qs("#cp-current").value;
const new_password_1 = qs("#cp-new-1"); const new_password_1 = qs("#cp-new-1");
// Check fields match
// Send post update changeValue("password", new_password_1, { original_password: current_password });
changeValue("password", new_password_1); }
function _newPasswordEntriesMatch() {
const new_password_1 = qs("#cp-new-1");
const new_password_2 = qs("#cp-new-2");
return new_password_1.value === new_password_2.value;
} }
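Review bot: `sendPasswordUpdate` only verifies that the two new-password fields match before posting; the value read from `#cp-current` is sent even when it is empty, although `changePasswordInputUpdate` a few lines above already treats an empty current password as an error. Mirroring that check before the request, `if (current_password === "") return false;` right after `const current_password = qs("#cp-current").value;`, keeps a request that the server will only answer with "Incorrect password." from being sent at all. The `#cp-cancel` listener named in the hunk header is outside the shown lines, so how these handlers are attached to the dialog is inferred.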