From a7e6b766be6b30b37839beb13f31d96b141cc25a Mon Sep 17 00:00:00 2001
From: syuilo
Date: Fri, 2 Nov 2018 12:49:08 +0900
Subject: Resolve #2623
---
 src/server/api/endpoints/i/change_password.ts | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
(limited to 'src/server/api/endpoints/i/change_password.ts')
diff --git a/src/server/api/endpoints/i/change_password.ts b/src/server/api/endpoints/i/change_password.ts
index dc0f060c08..818637e224 100644
--- a/src/server/api/endpoints/i/change_password.ts
+++ b/src/server/api/endpoints/i/change_password.ts
@@ -1,23 +1,30 @@
 import $ from 'cafy';
 import * as bcrypt from 'bcryptjs';
 import User, { ILocalUser } from '../../../../models/user';
+import getParams from '../../get-params';
 
 export const meta = {
 requireCredential: true,
- secure: true
+
+ secure: true,
+
+ params: {
+ currentPassword: {
+ validator: $.str
+ },
+
+ newPassword: {
+ validator: $.str
+ }
+ }
 };
 
 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
- // Get 'currentPasword' parameter
- const [currentPassword, currentPasswordErr] = $.str.get(params.currentPasword);
- if (currentPasswordErr) return rej('invalid currentPasword param');
-
- // Get 'newPassword' parameter
- const [newPassword, newPasswordErr] = $.str.get(params.newPassword);
- if (newPasswordErr) return rej('invalid newPassword param');
+ const [ps, psErr] = getParams(meta, params);
+ if (psErr) return rej(psErr);
 
 // Compare password
- const same = await bcrypt.compare(currentPassword, user.password);
+ const same = await bcrypt.compare(ps.currentPassword, user.password);
 
 if (!same) {
 return rej('incorrect password');
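Review bot: `newPassword` is validated only as `$.str` in `meta.params`, so an empty string passes `getParams` and is hashed as the account's new password later in the handler. Give the validator a lower bound, for example `validator: $.str.min(1)` or whatever password policy account creation already applies, and consider an upper bound too, because bcrypt only uses the first 72 bytes of its input. The handler still runs inside `new Promise(async (res, rej) => …)`, so if `bcrypt.compare` rejects (for instance when `user.password` is not a string) the outer promise never settles; wrapping the body in a `try`/`catch` that calls `rej` would close that gap. The handler body continues outside this hunk.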
@@ -25,7 +32,7 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,
 
 // Generate hash of password
 const salt = await bcrypt.genSalt(8);
- const hash = await bcrypt.hash(newPassword, salt);
+ const hash = await bcrypt.hash(ps.newPassword, salt);
 
 await User.update(user._id, {
 $set: {
-- cgit v1.3.1-freya
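Review bot: The salt for the changed `bcrypt.hash` call comes from `bcrypt.genSalt(8)` on the context line just above it, a cost factor below bcryptjs's own default of 10. Since this commit already touches the hashing path, it would be a good place to raise it, e.g. `const salt = await bcrypt.genSalt(10);`, preferably through one shared constant if other endpoints hash passwords as well. Existing hashes keep verifying because the cost is stored inside each hash. The `User.update` call continues outside the hunk, so whether existing tokens or sessions are invalidated after a password change cannot be seen here and is worth confirming.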