Make require password to update email

syuilo 2018-11-29 20:19:02 +09:00
parent 48d0e2fa5f
commit 22e30b44b9
No known key found for this signature in database
GPG key ID: BDC4C49D06AB9D69
3 changed files with 21 additions and 2 deletions
locales
src
client/app/common/views/components
server/api/endpoints/i


@ -26,6 +26,7 @@ common:
close: "閉じる" close: "閉じる"
do-not-copy-paste: "ここにコードを入力したり張り付けたりしないでください。アカウントが不正利用される可能性があります。" do-not-copy-paste: "ここにコードを入力したり張り付けたりしないでください。アカウントが不正利用される可能性があります。"
load-more: "もっと読み込む" load-more: "もっと読み込む"
enter-password: "パスワードを入力してください"
got-it: "わかった" got-it: "わかった"
customization-tips: customization-tips:


@ -218,9 +218,15 @@ export default Vue.extend({
}, },
updateEmail() { updateEmail() {
this.$input({
title: this.$t('@.enter-password'),
type: 'password'
}).then(password => {
this.$root.api('i/update_email', { this.$root.api('i/update_email', {
password: password,
email: this.email == '' ? null : this.email email: this.email == '' ? null : this.email
}); });
});
} }
} }
}); });
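Review bot: The promise returned by `this.$root.api('i/update_email', …)` inside the new `.then` callback is neither returned nor given a rejection handler, so when the server rejects with 'incorrect password' this method shows the user nothing (unless `$root.api` reports errors itself, which is not visible here). Return the call and handle the failure, e.g. `return this.$root.api('i/update_email', { password, email: this.email == '' ? null : this.email });` followed by a `.catch(...)` that displays the error. It is also not visible what `$input` resolves with when the dialog is dismissed; if that can be `null` or `undefined`, skip the request instead of sending it without a password. `updateEmail` is fully inside the hunk, but the enclosing `Vue.extend` options object starts outside it.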


@ -7,6 +7,7 @@ import fetchMeta from '../../../../misc/fetch-meta';
import rndstr from 'rndstr'; import rndstr from 'rndstr';
import config from '../../../../config'; import config from '../../../../config';
const ms = require('ms'); const ms = require('ms');
import * as bcrypt from 'bcryptjs';
export const meta = { export const meta = {
requireCredential: true, requireCredential: true,
@ -19,6 +20,10 @@ export const meta = {
}, },
params: { params: {
password: {
validator: $.str
},
email: { email: {
validator: $.str.optional.nullable validator: $.str.optional.nullable
}, },
@ -26,6 +31,13 @@ export const meta = {
}; };
export default define(meta, (ps, user) => new Promise(async (res, rej) => { export default define(meta, (ps, user) => new Promise(async (res, rej) => {
// Compare password
const same = await bcrypt.compare(ps.password, user.password);
if (!same) {
return rej('incorrect password');
}
await User.update(user._id, { await User.update(user._id, {
$set: { $set: {
email: ps.email, email: ps.email,
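Review bot: The new `await bcrypt.compare(ps.password, user.password)` runs inside an `async` Promise executor, so if it throws or rejects (for instance if `user.password` is not a string hash for some account, which is an assumption and not shown here) neither `res` nor `rej` is called and the request never settles. Fail closed on that path: `const same = await bcrypt.compare(ps.password, user.password).catch(() => false);`. Because this endpoint now answers whether a submitted password is correct for anyone holding a valid session or token, confirm that the rate limit in `meta` (not visible in these hunks) is tight enough to throttle guessing. The handler body continues past the end of the hunk.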