Require current password to change password.
Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>feature/profile
parent
537f5afa72
commit
f56cfc0e6b
|
@ -103,7 +103,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
||||||
async function editUser({ requester_id, user_id, user_content }) {
|
async function editUser({ requester_id, user_id, user_content }) {
|
||||||
const valid_settings = ['display_name', 'password', 'role']; // Valid settings that can be changed
|
const valid_settings = ['display_name', 'password', 'role']; // Valid settings that can be changed
|
||||||
|
|
||||||
let user = await getUser({ user_id: user_id });
|
let user = await getUser({ user_id: user_id, include_password: true });
|
||||||
if (!user.success) return _r(false, "User not found");
|
if (!user.success) return _r(false, "User not found");
|
||||||
user = user.data;
|
user = user.data;
|
||||||
|
|
||||||
|
@ -113,6 +113,11 @@ async function editUser({ requester_id, user_id, user_content }) {
|
||||||
if (!valid_settings.includes(setting_name)) return _r(false, "Invalid setting.");
|
if (!valid_settings.includes(setting_name)) return _r(false, "Invalid setting.");
|
||||||
|
|
||||||
if (setting_name == 'password'){
|
if (setting_name == 'password'){
|
||||||
|
// Check if current password value is correct
|
||||||
|
const password_match = await bcrypt.compare(user_content.original_password, user.password);
|
||||||
|
if (!password_match) return _r(false, "Incorrect password")
|
||||||
|
|
||||||
|
// If successful, compute new password hash
|
||||||
user_content.value = await bcrypt.hash(user_content.value, 10);
|
user_content.value = await bcrypt.hash(user_content.value, 10);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
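Review bot: `user_content.original_password` is passed to `bcrypt.compare` without a check that it is a non-empty string, so a PATCH that sets `password` but omits the field is expected to make the compare call reject with an argument error rather than return the `Incorrect password` result. Guard it first, e.g. `if (typeof user_content.original_password !== 'string' || user_content.original_password === '') return _r(false, "Incorrect password");`. Separately, `include_password: true` is now passed for every setting, so the hash is loaded for `display_name` and `role` edits as well; fetching it only inside the `password` branch would keep it out of `user` on the other paths. The body of `editUser` starts before and continues past these hunks, so whether a rejection is caught by the caller, and whether `requester_id` is checked against `user_id`, cannot be seen from here.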
|
@ -8,7 +8,7 @@ async function changeValue(setting_name, element) {
|
||||||
|
|
||||||
// TODO: On failure, notify the user
|
// TODO: On failure, notify the user
|
||||||
if (response.body.success) {
|
if (response.body.success) {
|
||||||
alert("Successfully changed password");
|
alert("Successfully changed setting.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
const change_password_dialog = qs("#change-password-dialog");
|
const change_password_dialog = qs("#change-password-dialog");
|
||||||
|
@ -29,9 +29,19 @@ function changePasswordInputUpdate() {
|
||||||
return (status.innerHTML = " ");
|
return (status.innerHTML = " ");
|
||||||
}
|
}
|
||||||
|
|
||||||
function sendPasswordUpdate() {
|
async function sendPasswordUpdate() {
|
||||||
const new_password_1 = qs("#cp-new-1");
|
const new_password_1 = qs("#cp-new-1");
|
||||||
// Check fields match
|
const original_password_value = qs("#cp-current").value
|
||||||
// Send post update
|
|
||||||
changeValue("password", new_password_1);
|
const form = {
|
||||||
|
setting_name: "password",
|
||||||
|
value: new_password_1.value,
|
||||||
|
original_password: original_password_value,
|
||||||
|
id: window.location.href.split("/")[4],
|
||||||
|
};
|
||||||
|
const response = await request(`/api/web/user`, "PATCH", form);
|
||||||
|
|
||||||
|
if (response.body.success) {
|
||||||
|
alert("Successfully changed password");
|
||||||
|
}
|
||||||
}
|
}
|
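Review bot: `sendPasswordUpdate` only handles `response.body.success`; when the server answers `Incorrect password` the dialog gives no feedback, and the typed passwords stay in the `#cp-current` and `#cp-new-1` inputs either way. Add an `else` branch that shows the server's failure message, and clear both inputs once the request has returned, e.g. `qs("#cp-current").value = ""; new_password_1.value = "";`. The rewrite also drops the `// Check fields match` placeholder without adding the comparison; if `changePasswordInputUpdate` (only partly visible here) does not block submission, a mismatch between the two new-password fields would still be sent. `id: window.location.href.split("/")[4]` depends on the exact URL shape, so the server must not treat that value as proof of who is asking.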