Make require password to update email

This commit is contained in:
syuilo 2018-11-29 20:19:02 +09:00
parent 48d0e2fa5f
commit 22e30b44b9
No known key found for this signature in database
GPG key ID: BDC4C49D06AB9D69
3 changed files with 21 additions and 2 deletions

View file

@ -26,6 +26,7 @@ common:
close: "閉じる"
do-not-copy-paste: "ここにコードを入力したり張り付けたりしないでください。アカウントが不正利用される可能性があります。"
load-more: "もっと読み込む"
enter-password: "パスワードを入力してください"
got-it: "わかった"
customization-tips:

View file

@ -218,9 +218,15 @@ export default Vue.extend({
},
updateEmail() {
this.$input({
title: this.$t('@.enter-password'),
type: 'password'
}).then(password => {
this.$root.api('i/update_email', {
password: password,
email: this.email == '' ? null : this.email
});
});
}
}
});

View file

@ -7,6 +7,7 @@ import fetchMeta from '../../../../misc/fetch-meta';
import rndstr from 'rndstr';
import config from '../../../../config';
const ms = require('ms');
import * as bcrypt from 'bcryptjs';
export const meta = {
requireCredential: true,
@ -19,6 +20,10 @@ export const meta = {
},
params: {
password: {
validator: $.str
},
email: {
validator: $.str.optional.nullable
},
@ -26,6 +31,13 @@ export const meta = {
};
export default define(meta, (ps, user) => new Promise(async (res, rej) => {
// Compare password
const same = await bcrypt.compare(ps.password, user.password);
if (!same) {
return rej('incorrect password');
}
await User.update(user._id, {
$set: {
email: ps.email,