krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-17 14:47:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'api-v3-email-3' of https://github.com/piousbox/habitrpg into piousbox-api-v3-email-3

Browse Source
This commit is contained in:
Matteo Pagliazzi
2016-03-05 19:24:11 +01:00
parent a266ffdabd 7dfdbb8b05
commit 6830a4464a
5 changed files with 120 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
website/src/controllers/api-v3/user.js
View File

@@ -11,6 +11,7 @@ import { model as Group } from '../../models/group';
import { model as User } from '../../models/user';
import Q from 'q';
import _ from 'lodash';
import * as passwordUtils from '../../libs/api-v3/password';
let api = {};
@@ -29,7 +30,7 @@ api.getUser = {
async handler (req, res) {
let user = res.locals.user.toJSON();
// Remove apiToken from resonse TODO make it priavte at the user level? returned in signup/login
// Remove apiToken from response TODO make it private at the user level? returned in signup/login
delete user.apiToken;
// TODO move to model (maybe virtuals, maybe in toJSON)
@@ -41,6 +42,41 @@ api.getUser = {
},
};
/**
* @api {post} /user/update-email
* @apiVersion 3.0.0
* @apiName UpdateEmail
* @apiGroup User
*
* @apiParam {string} newEmail The new email address.
* @apiParam {string} password The user password.
*
* @apiSuccess {Object} An object containing the new email address
*/
api.updateEmail = {
method: 'POST',
middlewares: [authWithHeaders(), cron],
url: '/user/update-email',
async handler (req, res) {
let user = res.locals.user;
if (!user.auth.local.email) throw new BadRequest(res.t('userHasNoLocalRegistration'));
req.checkBody('newEmail', res.t('newEmailRequired')).notEmpty().isEmail();
req.checkBody('password', res.t('missingPassword')).notEmpty();
let validationErrors = req.validationErrors();
if (validationErrors) throw validationErrors;
let candidatePassword = passwordUtils.encrypt(req.body.password, user.auth.local.salt);
if (candidatePassword !== user.auth.local.hashed_password) throw new NotAuthorized(res.t('wrongPassword'));
user.auth.local.email = req.body.newEmail;
await user.save();
return res.respond(200, { email: user.auth.local.email });
},
};
const partyMembersFields = 'profile.name stats achievements items.special';
/**