authorJannik Schönartz2019-02-26 03:46:36 +0100
committerJannik Schönartz2019-02-26 03:46:36 +0100
commitcf1b40542c41b3c78e83650e4e73e596c85ff160 (patch)
treed10d2f5061815e95fc56e43f1675eb127416e255 /server/api/users.js
parent[webapp/groups] fix wrong tabbar color (diff)
[account] Fix for the changePassword method
User update changes didn't hash the new password correctly. changePassword was reworked from promises to async / await (much cleaner). The check whether the user table is empty is now a GET request and no longer mixed into the POST request.
Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js18
1 files changed, 16 insertions, 2 deletions
diff --git a/server/api/users.js b/server/api/users.js
index 663f88e..c5eb822 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -71,7 +71,17 @@ router.postAsync(['/', '/:id'], async (req, res) => {
else {
let user
user = await db.user.findOne({ where: { id: req.params.id } })
- if (user) await user.update(req.body)
+ if (user) {
+ await user.update({
+ username: req.body.username,
+ name: req.body.name,
+ email: req.body.email
+ })
+
+ if (req.body.password) {
+ return authentication.changePassword(req, res)
+ }
+ }
res.status(200).end()
}
}
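Review bot: The new `if (req.body.password)` branch hands the request to `authentication.changePassword` without requiring `req.body.passwordCurrent`, while the `/:id/password` route in the second hunk refuses the same call unless both fields are present. Whether `changePassword` verifies the current password itself, or whether this route is reserved for an administrator resetting another account, is not visible here; if neither holds, any caller allowed to reach `POST /:id` can replace a password without knowing the old one. Either apply the same guard, `if (!req.body.passwordCurrent) return res.status(400).send({ auth: false, status: 'PASSWORD_MISSING' })`, or add a comment above the branch naming the authorization check that makes the omission safe. The profile fields are also already written by `user.update` before the password step can fail, and a missing user still falls through to `res.status(200).end()`. The handler starts and ends outside this hunk.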
@@ -79,7 +89,11 @@ router.postAsync(['/', '/:id'], async (req, res) => {
// Post request for changing the password.
router.post('/:id/password', (req, res) => {
- authentication.changePassword(req, res)
+ // Check if passwords are set.
+ if (req.body.passwordCurrent && req.body.password) {
+ if (req.body.passwordCurrent === req.body.password) return res.status(500).send({ auth: false, status: 'PASSWORD_ERROR', error_message: 'The provided password must be different than the old password.' })
+ return authentication.changePassword(req, res)
+ } else res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This service requires the current and the new password.' })
})
// Post request for chaning the user info. (name, email)
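Review bot: The same-password rejection answers with `res.status(500)`, which reports a client mistake as a server fault; `res.status(400)` would match the `PASSWORD_MISSING` branch and keep 5xx monitoring meaningful. The guard is also a truthiness test, so a JSON body carrying an object or array in `password` passes it; `typeof req.body.password === 'string' && typeof req.body.passwordCurrent === 'string'` would stop non-string values before they reach the hashing code. The commit message says `changePassword` is now async, yet this route is registered with `router.post` rather than the `router.postAsync` used by the route in the first hunk, so a rejection from it may go unhandled; consider `router.postAsync('/:id/password', async (req, res) => {`.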