Require current password to change.
Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>account-personalization
parent
5b0f0121ac
commit
26c9dc2ab6
|
@ -100,7 +100,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
|||
return { success: true, data: user };
|
||||
}
|
||||
async function editUser({ requester_id, user_id, user_content }) {
|
||||
let user = await getUser({ user_id: user_id });
|
||||
let user = await getUser({ user_id: user_id, include_password: true });
|
||||
if (!user.success) return _r(false, "User not found");
|
||||
user = user.data;
|
||||
|
||||
|
@ -117,7 +117,11 @@ async function editUser({ requester_id, user_id, user_content }) {
|
|||
formatted[user_content.setting_name] = user_content.value;
|
||||
|
||||
if (formatted.password) {
|
||||
// TODO: Validate password
|
||||
// Check if the current password matches the one on file
|
||||
const password_match = await bcrypt.compare(user_content.original_password, user.password);
|
||||
if (!password_match) return _r(false, "Incorrect password.");
|
||||
|
||||
// If password was correct, update the database
|
||||
formatted.password = await bcrypt.hash(formatted.password, 10);
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
async function changeValue(setting_name, element) {
|
||||
async function changeValue(setting_name, element, extra = {}) {
|
||||
const form = {
|
||||
setting_name: setting_name,
|
||||
value: element.value,
|
||||
id: window.location.href.split("/")[4],
|
||||
...extra,
|
||||
};
|
||||
const response = await request(`/api/web/user`, "PATCH", form);
|
||||
|
||||
|
@ -19,19 +20,26 @@ qs("#cp-cancel").addEventListener("click", () => change_password_dialog.close())
|
|||
function changePasswordInputUpdate() {
|
||||
const status = qs("#change-password-dialog .status");
|
||||
const current_password = qs("#cp-current");
|
||||
const new_password_1 = qs("#cp-new-1");
|
||||
const new_password_2 = qs("#cp-new-2");
|
||||
|
||||
if (current_password.value === "") return (status.innerText = "Please enter your current password.");
|
||||
|
||||
if (new_password_1.value !== new_password_2.value) return (status.innerText = "New password does not match.");
|
||||
if (!_newPasswordEntriesMatch()) return (status.innerText = "New password does not match.");
|
||||
|
||||
return (status.innerHTML = " ");
|
||||
}
|
||||
|
||||
function sendPasswordUpdate() {
|
||||
if (!_newPasswordEntriesMatch()) return false;
|
||||
|
||||
const current_password = qs("#cp-current").value;
|
||||
const new_password_1 = qs("#cp-new-1");
|
||||
// Check fields match
|
||||
// Send post update
|
||||
changeValue("password", new_password_1);
|
||||
|
||||
changeValue("password", new_password_1, { original_password: current_password });
|
||||
}
|
||||
|
||||
function _newPasswordEntriesMatch() {
|
||||
const new_password_1 = qs("#cp-new-1");
|
||||
const new_password_2 = qs("#cp-new-2");
|
||||
|
||||
return new_password_1.value === new_password_2.value;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue