Password changing

2021-04-11 21:55:50 +10:00 · 2021-04-11 21:55:50 +10:00 · 197f846384
parent 4ca3429dc0
commit 197f846384
3 changed files with 33 additions and 9 deletions
--- a/lib/errors.js
+++ b/lib/errors.js
@ -7,6 +7,14 @@ let Errors = {
 		'This account has already been created',
 		400
 	],
+	passwordString: [
+		'Please enter your password',
+		400
+	],
+	passwordNotSame: [
+		'Please make sure the confirmation password matches',
+		400
+	],
 	categoryAlreadyExists: [
 		'This category has already been created',
 		400
--- a/models/user.js
+++ b/models/user.js
@ -433,14 +433,14 @@ module.exports = (sequelize, DataTypes) => {
 	User.prototype.emailVerify = function () {
 		this.update({ emailVerified: true })
 	}
-	User.prototype.updatePassword = function (currentPassword, newPassword) {
-		if(currentPassword === newPassword) {
+	User.prototype.updatePassword = function (oldPassword, newPassword) {
+		if(oldPassword === newPassword) {
 			throw Errors.passwordSame
-		} else if(typeof currentPassword !== 'string' || typeof newPassword !== 'string') {
+		} else if(typeof oldPassword !== 'string' || typeof newPassword !== 'string') {
 			throw new sequelize.ValidationError('Please enter your password')
 		}

-		let correctPassword = bcrypt.compare(currentPassword, this.hash)
+		let correctPassword = bcrypt.compare(oldPassword, this.hash)

 		if(correctPassword) {
 			this.update({ hash: newPassword })
--- a/v2_routes/userutils.js
+++ b/v2_routes/userutils.js
@ -642,15 +642,15 @@ router.put('/preferences', auth, async(req, res, next) => {
        }
        await Ban.ReadOnlyMode(req.userData.id)

-        if(req.autosan.body.description !== undefined) {
-            let user = await User.update({ description: req.autosan.body.description }, { where: {
+        if(req.body.description !== undefined) {
+            await User.update({ description: req.body.description }, { where: {
                    username: req.userData.username
                }})

            res.json({ success: true })

        } else if(
-            req.body.currentPassword !== undefined &&
+            req.body.oldPassword !== undefined &&
            req.body.newPassword !== undefined
        ) {
            let user = await User.findOne({
@ -659,8 +659,24 @@ router.put('/preferences', auth, async(req, res, next) => {
                }
            })

-            await user.updatePassword(req.body.currentPassword, req.body.newPassword)
-            res.json({success: true})
+            if(req.body.oldPassword === user.offset) {
+                throw Errors.passwordSame
+            } else if(typeof req.body.oldPassword !== 'string' || typeof req.body.newPassword !== 'string' || typeof req.body.newPasswordConfirm !== 'string') {
+                throw Errors.passwordString
+            } else if(req.body.newPassword !== req.body.newPasswordConfirm) {
+                throw Errors.passwordNotSame
+            }
+
+            let passwordCompare = await bcrypt.compare(req.body.oldPassword, user.hash)
+            console.log(passwordCompare)
+            console.log(user.jwtOffset)
+            if(passwordCompare) {
+                user.update({ hash: req.body.newPassword, jwtOffset: user.jwtOffset+1 })
+                res.json({success: true, jwtOffset: user.jwtOffset})
+                console.log(user.jwtOffset)
+            } else {
+                throw Errors.invalidLoginCredentials
+            }
        } else if(
            req.body.emailCurrentPassword !== undefined &&
            req.body.newEmail !== undefined