Require current password to change password.
Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>feature/profile
parent
537f5afa72
commit
f56cfc0e6b
|
@ -103,7 +103,7 @@ async function getUser({ user_id, username, include_password = false }) {
|
|||
async function editUser({ requester_id, user_id, user_content }) {
|
||||
const valid_settings = ['display_name', 'password', 'role']; // Valid settings that can be changed
|
||||
|
||||
let user = await getUser({ user_id: user_id });
|
||||
let user = await getUser({ user_id: user_id, include_password: true });
|
||||
if (!user.success) return _r(false, "User not found");
|
||||
user = user.data;
|
||||
|
||||
|
@ -113,6 +113,11 @@ async function editUser({ requester_id, user_id, user_content }) {
|
|||
if (!valid_settings.includes(setting_name)) return _r(false, "Invalid setting.");
|
||||
|
||||
if (setting_name == 'password'){
|
||||
// Check if current password value is correct
|
||||
const password_match = await bcrypt.compare(user_content.original_password, user.password);
|
||||
if (!password_match) return _r(false, "Incorrect password")
|
||||
|
||||
// If successful, compute new password hash
|
||||
user_content.value = await bcrypt.hash(user_content.value, 10);
|
||||
}
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ async function changeValue(setting_name, element) {
|
|||
|
||||
// TODO: On failure, notify the user
|
||||
if (response.body.success) {
|
||||
alert("Successfully changed password");
|
||||
alert("Successfully changed setting.");
|
||||
}
|
||||
}
|
||||
const change_password_dialog = qs("#change-password-dialog");
|
||||
|
@ -29,9 +29,19 @@ function changePasswordInputUpdate() {
|
|||
return (status.innerHTML = " ");
|
||||
}
|
||||
|
||||
function sendPasswordUpdate() {
|
||||
async function sendPasswordUpdate() {
|
||||
const new_password_1 = qs("#cp-new-1");
|
||||
// Check fields match
|
||||
// Send post update
|
||||
changeValue("password", new_password_1);
|
||||
const original_password_value = qs("#cp-current").value
|
||||
|
||||
const form = {
|
||||
setting_name: "password",
|
||||
value: new_password_1.value,
|
||||
original_password: original_password_value,
|
||||
id: window.location.href.split("/")[4],
|
||||
};
|
||||
const response = await request(`/api/web/user`, "PATCH", form);
|
||||
|
||||
if (response.body.success) {
|
||||
alert("Successfully changed password");
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue