diff options
Diffstat (limited to '')
-rw-r--r-- | locales/en/auth.json | 3 | ||||
-rw-r--r-- | src/routes/auth/login.ts | 20 | ||||
-rw-r--r-- | src/routes/users/@me/disable.ts | 16 |
3 files changed, 29 insertions, 10 deletions
diff --git a/locales/en/auth.json b/locales/en/auth.json index bcf6fca5..e19547a0 100644 --- a/locales/en/auth.json +++ b/locales/en/auth.json @@ -1,7 +1,8 @@ { "login": { "INVALID_LOGIN": "E-Mail or Phone not found", - "INVALID_PASSWORD": "Invalid Password" + "INVALID_PASSWORD": "Invalid Password", + "ACCOUNT_DISABLED": "This account is disabled" }, "register": { "REGISTRATION_DISABLED": "New user registration is disabled", diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts index af00a46d..c92ddccc 100644 --- a/src/routes/auth/login.ts +++ b/src/routes/auth/login.ts @@ -9,7 +9,8 @@ import RateLimit from "../../middlewares/RateLimit"; const router: Router = Router(); export default router; -// TODO: check if user is deleted/restricted +// TODO: check if user is deleted --> prohibit login + router.post( "/", RateLimit({ count: 5, window: 60, onylIp: true }), @@ -22,7 +23,7 @@ router.post( $gift_code_sku_id: String }), async (req: Request, res: Response) => { - const { login, password, captcha_key } = req.body; + const { login, password, captcha_key, undelete } = req.body; const email = adjustEmail(login); const query: any[] = [{ phone: login }]; if (email) query.push({ email }); @@ -62,6 +63,13 @@ router.post( throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } }); }); + if (user.disabled && undelete) { + // undelete refers to un'disable' here + await UserModel.updateOne({ id: req.user_id }, { disabled: false }).exec(); + } else if (user.disabled) { + return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 }); + } + // the salt is saved in the password refer to bcrypt docs const same_password = await bcrypt.compare(password, user.user_data.hash || ""); if (!same_password) { @@ -100,14 +108,14 @@ export async function generateToken(id: string) { /** * POST /auth/login * @argument { login: "email@gmail.com", password: "cleartextpassword", undelete: false, captcha_key: null, login_source: null, gift_code_sku_id: null, } - + * MFA required: * @returns {"token": null, "mfa": true, "sms": true, "ticket": "SOME TICKET JWT TOKEN"} - + * Captcha required: * @returns {"captcha_key": ["captcha-required"], "captcha_sitekey": null, "captcha_service": "recaptcha"} - + * Sucess: * @returns {"token": "USERTOKEN", "user_settings": {"locale": "en", "theme": "dark"}} - + */ diff --git a/src/routes/users/@me/disable.ts b/src/routes/users/@me/disable.ts index b16ef783..0e5b734e 100644 --- a/src/routes/users/@me/disable.ts +++ b/src/routes/users/@me/disable.ts @@ -1,10 +1,20 @@ +import { UserModel } from "@fosscord/server-util"; import { Router, Response, Request } from "express"; +import bcrypt from "bcrypt"; const router = Router(); -router.post("/", (req: Request, res: Response) => { - // TODO: - res.sendStatus(204); +router.post("/", async (req: Request, res: Response) => { + const user = await UserModel.findOne({ id: req.user_id }).exec(); //User object + + let correctpass = await bcrypt.compare(req.body.password, user!.user_data.hash); //Not sure if user typed right password :/ + if (correctpass) { + await UserModel.updateOne({ id: req.user_id }, { disabled: true }).exec(); + + res.sendStatus(204); + } else { + res.status(400).json({ message: "Password does not match", code: 50018 }); + } }); export default router; |