fix: Correct change password on client

* Add additional checks on server to prevent 500
* Add tests for param checks
Blade Barringer
2016-05-23 23:30:37 -05:00
parent 02d075e342
commit ac77ceb75f
3 changed files with 56 additions and 8 deletions


@@ -352,18 +352,27 @@ api.updatePassword = {
if (!user.auth.local.hashed_password) throw new BadRequest(res.t('userHasNoLocalRegistration'));
let oldPassword = passwordUtils.encrypt(req.body.password, user.auth.local.salt);
if (oldPassword !== user.auth.local.hashed_password) throw new NotAuthorized(res.t('wrongPassword'));
req.checkBody({
password: {
notEmpty: {errorMessage: res.t('missingNewPassword')},
},
newPassword: {
notEmpty: {errorMessage: res.t('missingPassword')},
},
newPassword: {
notEmpty: {errorMessage: res.t('missingNewPassword')},
},
confirmPassword: {
notEmpty: {errorMessage: res.t('missingNewPassword')},
},
});
let validationErrors = req.validationErrors();
if (validationErrors) {
throw validationErrors;
}
let oldPassword = passwordUtils.encrypt(req.body.password, user.auth.local.salt);
if (oldPassword !== user.auth.local.hashed_password) throw new NotAuthorized(res.t('wrongPassword'));
if (req.body.newPassword !== req.body.confirmPassword) throw new NotAuthorized(res.t('passwordConfirmationMatch'));
user.auth.local.hashed_password = passwordUtils.encrypt(req.body.newPassword, user.auth.local.salt); // eslint-disable-line camelcase