ArmoredDragon
/
yet-another-blog
mirror of https://github.com/Armored-Dragon/yet-another-blog
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Require current password to change password. 

Signed-off-by: Armored Dragon <publicmail@armoreddragon.com>
feature/profile
Armored Dragon 2024-07-10 18:20:22 -05:00
parent 537f5afa72
commit f56cfc0e6b
Signed by: ArmoredDragon
GPG Key ID: C7207ACC3382AD8B
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
backend/core/core.js
View File

@ -103,7 +103,7 @@ async function getUser({ user_id, username, include_password = false }) {
async function editUser({ requester_id, user_id, user_content }) {
const valid_settings = ['display_name', 'password', 'role']; // Valid settings that can be changed
let user = await getUser({ user_id: user_id });
let user = await getUser({ user_id: user_id, include_password: true });
if (!user.success) return _r(false, "User not found");
user = user.data;
@ -113,6 +113,11 @@ async function editUser({ requester_id, user_id, user_content }) {
if (!valid_settings.includes(setting_name)) return _r(false, "Invalid setting.");
if (setting_name == 'password'){
// Check if current password value is correct
const password_match = await bcrypt.compare(user_content.original_password, user.password);
if (!password_match) return _r(false, "Incorrect password")
// If successful, compute new password hash
user_content.value = await bcrypt.hash(user_content.value, 10);
}

20
frontend/views/themes/default/js/editAuthor.js
View File

@ -8,7 +8,7 @@ async function changeValue(setting_name, element) {
// TODO: On failure, notify the user
if (response.body.success) {
alert("Successfully changed password");
alert("Successfully changed setting.");
}
}
const change_password_dialog = qs("#change-password-dialog");
@ -29,9 +29,19 @@ function changePasswordInputUpdate() {
return (status.innerHTML = "&nbsp;");
}
function sendPasswordUpdate() {
async function sendPasswordUpdate() {
const new_password_1 = qs("#cp-new-1");
// Check fields match
// Send post update
changeValue("password", new_password_1);
const original_password_value = qs("#cp-current").value
const form = {
setting_name: "password",
value: new_password_1.value,
original_password: original_password_value,
id: window.location.href.split("/")[4],
};
const response = await request(`/api/web/user`, "PATCH", form);
if (response.body.success) {
alert("Successfully changed password");
}
}