Fix resetting account for social accounts (#15087)

* Fix resetting account for social accounts

* added integration tests

* chore(packages): reinstall modules

* only enable reset button if user typed RESET

* fix enabling reset button

---------

Co-authored-by: negue <eugen.bolz@gmail.com>
Co-authored-by: Sabe Jones <sabe@habitica.com>
Phillip Thelen
2024-01-18 22:51:36 +01:00
committed by GitHub
parent 67069b1adc
commit 1ade4c6b3e
7 changed files with 119 additions and 7 deletions


@@ -7,6 +7,7 @@ import { BadRequest, NotAuthorized } from '../../libs/errors';
import * as passwordUtils from '../../libs/password';
const api = {};
const RESET_CONFIRMATION = 'RESET';
/*
* NOTE most user routes are still in the v3 controller
@@ -224,9 +225,14 @@ api.userReset = {
throw new BadRequest(res.t('missingPassword'));
}
const isValidPassword = await passwordUtils.compare(user, password);
if (!isValidPassword) {
throw new NotAuthorized(res.t('wrongPassword'));
if (user.auth.local.hashed_password && user.auth.local.email) {
const isValidPassword = await passwordUtils.compare(user, password);
if (!isValidPassword) throw new NotAuthorized(res.t('wrongPassword'));
} else if (
(user.auth.facebook.id || user.auth.google.id || user.auth.apple.id)
&& password !== RESET_CONFIRMATION
) {
throw new NotAuthorized(res.t('incorrectResetPhrase', { magicWord: RESET_CONFIRMATION }));
}
await userLib.reset(req, res, { isV3: false });
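Review bot: The new `if` / `else if` chain fails open: an account that lacks the `auth.local.hashed_password` plus `auth.local.email` pair and also has none of the three social ids matches neither branch, so it reaches `userLib.reset` guarded only by the earlier `missingPassword` check. Tying the phrase check to "no usable local password" instead of to the provider list closes that gap, e.g. `} else if (password !== RESET_CONFIRMATION) {`. A short comment on that branch would also help, such as `// RESET guards against accidental resets; it is not re-authentication`, because for social logins the session or API token is then the only real barrier to wiping the account. `api.userReset` starts and ends outside the hunk, so whether such accounts can exist depends on code not visible here.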