summary refs log tree commit diff
path: root/api/src/routes/users/@me/index.ts
diff options
context:
space:
mode:
authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-10-09 12:53:52 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-10-09 12:53:52 +0200
commit0fd47815ebe94149102aaaf969b25f8b01c34e7e (patch)
tree3e4f826b4c2c73e0b3cb940b828a7ce5f1ee6f96 /api/src/routes/users/@me/index.ts
parent:bug: fix cdn (diff)
downloadserver-0fd47815ebe94149102aaaf969b25f8b01c34e7e.tar.xz
:bug: fix password changing
Diffstat (limited to 'api/src/routes/users/@me/index.ts')
-rw-r--r--api/src/routes/users/@me/index.ts26
1 files changed, 22 insertions, 4 deletions
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index f6bb04d7..c5f490d3 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,6 +1,7 @@
 import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
 import { route } from "@fosscord/api";
+import bcrypt from "bcrypt";
 
 const router: Router = Router();
 
@@ -32,10 +33,27 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 	if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string);
 	if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string);
 
-	await new User({ ...body, id: req.user_id }).save();
-
-	//Need to reload user from db due to https://github.com/typeorm/typeorm/issues/3490
 	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection });
+
+	if (body.password) {
+		const same_password = await bcrypt.compare(body.password, user.data.hash || "");
+		if (!same_password) {
+			throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } });
+		}
+	}
+
+	user.assign(body);
+
+	if (body.new_password) {
+		if (!body.password && !user.email) {
+			throw FieldErrors({
+				password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
+			});
+		}
+		user.data.hash = await bcrypt.hash(body.new_password, 12);
+	}
+
+	await user.save();
 	// TODO: send update member list event in gateway
 	await emitEvent({
 		event: "USER_UPDATE",