krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update email check exist (#7899)

Browse Source 
* throw a 401 error if user tries to update his/her email to an email that exists already

* Make error message generic so we don't violate users' privacy.  Added test case.

* Syntax fixes

* select only the _id field when searching for users with the same email.  Return found document as javascript object.
This commit is contained in:
Camellia Peng
2016-08-15 05:52:53 -07:00
committed by Blade Barringer
parent 02545ae439
commit 12f1aae2dd
3 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
website/server/controllers/api-v3/auth.js
View File

@@ -545,6 +545,9 @@ api.updateEmail = {
let validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
let emailAlreadyInUse = await User.findOne({'auth.local.email': req.body.newEmail}).select({_id: 1}).lean().exec();
if (emailAlreadyInUse) throw new NotAuthorized(res.t('cannotFulfillReq'));
let candidatePassword = passwordUtils.encrypt(req.body.password, user.auth.local.salt);
if (candidatePassword !== user.auth.local.hashed_password) throw new NotAuthorized(res.t('wrongPassword'));