From a7e6b766be6b30b37839beb13f31d96b141cc25a Mon Sep 17 00:00:00 2001
From: syuilo
Date: Fri, 2 Nov 2018 12:49:08 +0900
Subject: Resolve #2623
---
 src/server/api/endpoints/i/2fa/done.ts | 17 ++++++++++++-----
 src/server/api/endpoints/i/2fa/register.ts | 17 ++++++++++++-----
 src/server/api/endpoints/i/2fa/unregister.ts | 17 ++++++++++++-----
 3 files changed, 36 insertions(+), 15 deletions(-)
(limited to 'src/server/api/endpoints/i/2fa')
diff --git a/src/server/api/endpoints/i/2fa/done.ts b/src/server/api/endpoints/i/2fa/done.ts
index 6d38ca1de1..40b45a3d0b 100644
--- a/src/server/api/endpoints/i/2fa/done.ts
+++ b/src/server/api/endpoints/i/2fa/done.ts
@@ -1,18 +1,25 @@
 import $ from 'cafy';
 import * as speakeasy from 'speakeasy';
 import User, { ILocalUser } from '../../../../../models/user';
+import getParams from '../../../get-params';
 export const meta = {
 requireCredential: true,
- secure: true
+
+ secure: true,
+
+ params: {
+ token: {
+ validator: $.str
+ }
+ }
 };
 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
- // Get 'token' parameter
- const [token, tokenErr] = $.str.get(params.token);
- if (tokenErr) return rej('invalid token param');
+ const [ps, psErr] = getParams(meta, params);
+ if (psErr) return rej(psErr);
- const _token = token.replace(/\s/g, '');
+ const _token = ps.token.replace(/\s/g, '');
 if (user.twoFactorTempSecret == null) {
 return rej('二段階認証の設定が開始されていません');
diff --git a/src/server/api/endpoints/i/2fa/register.ts b/src/server/api/endpoints/i/2fa/register.ts
index 0466a4f366..4d6b05b787 100644
--- a/src/server/api/endpoints/i/2fa/register.ts
+++ b/src/server/api/endpoints/i/2fa/register.ts
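Review bot: In done.ts the new `params.token` entry uses a bare `$.str`, so an empty or arbitrarily long string passes validation and only afterwards has its whitespace stripped into `_token`. A TOTP code has a small, known shape, and checking it at the parameter boundary keeps malformed input away from the verification step, which lies outside this hunk. I would bound it in the declaration, for example `validator: $.str.min(1)` together with an upper length limit. The `password` entries added in register.ts and unregister.ts are equally unbounded before they reach `bcrypt.compare`.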
@@ -4,19 +4,26 @@ import * as speakeasy from 'speakeasy';
 import * as QRCode from 'qrcode';
 import User, { ILocalUser } from '../../../../../models/user';
 import config from '../../../../../config';
+import getParams from '../../../get-params';
 export const meta = {
 requireCredential: true,
- secure: true
+
+ secure: true,
+
+ params: {
+ password: {
+ validator: $.str
+ }
+ }
 };
 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
- // Get 'password' parameter
- const [password, passwordErr] = $.str.get(params.password);
- if (passwordErr) return rej('invalid password param');
+ const [ps, psErr] = getParams(meta, params);
+ if (psErr) return rej(psErr);
 // Compare password
- const same = await bcrypt.compare(password, user.password);
+ const same = await bcrypt.compare(ps.password, user.password);
 if (!same) {
 return rej('incorrect password');
diff --git a/src/server/api/endpoints/i/2fa/unregister.ts b/src/server/api/endpoints/i/2fa/unregister.ts
index accf3ea0f2..e3a1bd43de 100644
--- a/src/server/api/endpoints/i/2fa/unregister.ts
+++ b/src/server/api/endpoints/i/2fa/unregister.ts
@@ -1,19 +1,26 @@
 import $ from 'cafy';
 import * as bcrypt from 'bcryptjs';
 import User, { ILocalUser } from '../../../../../models/user';
+import getParams from '../../../get-params';
 export const meta = {
 requireCredential: true,
- secure: true
+
+ secure: true,
+
+ params: {
+ password: {
+ validator: $.str
+ }
+ }
 };
 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
- // Get 'password' parameter
- const [password, passwordErr] = $.str.get(params.password);
- if (passwordErr) return rej('invalid password param');
+ const [ps, psErr] = getParams(meta, params);
+ if (psErr) return rej(psErr);
 // Compare password
- const same = await bcrypt.compare(password, user.password);
+ const same = await bcrypt.compare(ps.password, user.password);
 if (!same) {
 return rej('incorrect password');
-- 
cgit v1.2.3-freya
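Review bot: In register.ts, and again in unregister.ts, the new `await bcrypt.compare(ps.password, user.password)` runs inside `new Promise(async (res, rej) => …)`, so if it throws, the rejection belongs to the inner async function and `rej` is never called. Should `user.password` be missing for some account, which these hunks do not show, the outer promise would stay pending and the request would not complete. Since the line is being touched anyway, I would make the failure explicit and fail closed: `const same = await bcrypt.compare(ps.password, user.password).catch(() => false);`, or drop the wrapper and let the async handler throw. The handler body continues past the end of the hunk.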
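Review bot: The `params` block added to unregister.ts declares only `password`, so turning two-factor authentication off cannot ask for a current code. Anyone holding a session and the password can then remove the second factor without showing they still control the authenticator. Consider declaring `token: { validator: $.str }` beside `password` and verifying it against the stored secret before the setting is cleared; done.ts already accepts a token in the same form. The code that clears the secret is outside this hunk, so this needs a matching change further down in the handler.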