summaryrefslogtreecommitdiff
path: root/src/server/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/api')
-rw-r--r--src/server/api/endpoints/i/update_email.ts12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/server/api/endpoints/i/update_email.ts b/src/server/api/endpoints/i/update_email.ts
index c2699d47c2..0aa22b4d83 100644
--- a/src/server/api/endpoints/i/update_email.ts
+++ b/src/server/api/endpoints/i/update_email.ts
@@ -7,6 +7,7 @@ import fetchMeta from '../../../../misc/fetch-meta';
import rndstr from 'rndstr';
import config from '../../../../config';
const ms = require('ms');
+import * as bcrypt from 'bcryptjs';
export const meta = {
requireCredential: true,
@@ -19,6 +20,10 @@ export const meta = {
},
params: {
+ password: {
+ validator: $.str
+ },
+
email: {
validator: $.str.optional.nullable
},
@@ -26,6 +31,13 @@ export const meta = {
};
export default define(meta, (ps, user) => new Promise(async (res, rej) => {
+ // Compare password
+ const same = await bcrypt.compare(ps.password, user.password);
+
+ if (!same) {
+ return rej('incorrect password');
+ }
+
await User.update(user._id, {
$set: {
email: ps.email,
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-04 03:16:51 +0000