krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 22:57:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into sabrecat/teams-rebase

Browse Source
This commit is contained in:
SabreCat
2022-04-05 13:56:25 -05:00
parent 48be0a38bf 39b39387d3
commit 40113b0458
32 changed files with 468 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
website/server/controllers/api-v3/auth.js
View File

@@ -341,7 +341,15 @@ api.resetPassword = {
if (validationErrors) throw validationErrors;
const email = req.body.email.toLowerCase();
const user = await User.findOne({ 'auth.local.email': email }).exec();
const user = await User.findOne({
$or: [
{ 'auth.local.username': email.replace(/^@/, '') },
{ 'auth.local.email': email },
{ 'auth.apple.emails.value': email },
{ 'auth.google.emails.value': email },
{ 'auth.facebook.emails.value': email },
],
}).exec();
if (user) {
// create an encrypted link to be used to reset the password
@@ -385,7 +393,9 @@ api.updateEmail = {
if (!user.auth.local.email) throw new BadRequest(res.t('userHasNoLocalRegistration'));
req.checkBody('newEmail', res.t('newEmailRequired')).notEmpty().isEmail();
req.checkBody('password', res.t('missingPassword')).notEmpty();
if (user.auth.local.hashed_password) {
req.checkBody('password', res.t('missingPassword')).notEmpty();
}
const validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
@@ -395,13 +405,15 @@ api.updateEmail = {
if (emailAlreadyInUse) throw new NotAuthorized(res.t('cannotFulfillReq', { techAssistanceEmail: TECH_ASSISTANCE_EMAIL }));
const { password } = req.body;
const isValidPassword = await passwordUtils.compare(user, password);
if (!isValidPassword) throw new NotAuthorized(res.t('wrongPassword'));
if (user.auth.local.hashed_password) {
const { password } = req.body;
const isValidPassword = await passwordUtils.compare(user, password);
if (!isValidPassword) throw new NotAuthorized(res.t('wrongPassword'));
// if password is using old sha1 encryption, change it
if (user.auth.local.passwordHashMethod === 'sha1') {
await passwordUtils.convertToBcrypt(user, password);
// if password is using old sha1 encryption, change it
if (user.auth.local.passwordHashMethod === 'sha1') {
await passwordUtils.convertToBcrypt(user, password);
}
}
user.auth.local.email = req.body.newEmail.toLowerCase();