From a7e6b766be6b30b37839beb13f31d96b141cc25a Mon Sep 17 00:00:00 2001
From: syuilo <syuilotan@yahoo.co.jp>
Date: Fri, 2 Nov 2018 12:49:08 +0900
Subject: Resolve #2623

---
 src/server/api/endpoints/i/2fa/register.ts | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

(limited to 'src/server/api/endpoints/i/2fa/register.ts')

diff --git a/src/server/api/endpoints/i/2fa/register.ts b/src/server/api/endpoints/i/2fa/register.ts
index 0466a4f366..4d6b05b787 100644
--- a/src/server/api/endpoints/i/2fa/register.ts
+++ b/src/server/api/endpoints/i/2fa/register.ts
@@ -4,19 +4,26 @@ import * as speakeasy from 'speakeasy';
 import * as QRCode from 'qrcode';
 import User, { ILocalUser } from '../../../../../models/user';
 import config from '../../../../../config';
+import getParams from '../../../get-params';
 
 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		password: {
+			validator: $.str
+		}
+	}
 };
 
 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'password' parameter
-	const [password, passwordErr] = $.str.get(params.password);
-	if (passwordErr) return rej('invalid password param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);
 
 	// Compare password
-	const same = await bcrypt.compare(password, user.password);
+	const same = await bcrypt.compare(ps.password, user.password);
 
 	if (!same) {
 		return rej('incorrect password');
-- 
cgit v1.2.3-freya