From cf1b40542c41b3c78e83650e4e73e596c85ff160 Mon Sep 17 00:00:00 2001
From: Jannik Schönartz
Date: Tue, 26 Feb 2019 02:46:36 +0000
Subject: [account] Fix for the changePassword method User upadate changes didn't hashed the new password correctly changePassword from promises reworked to async / await (much cleaner) Check weather the usertable is empty is now a get request and not mixed in the post request
---
 server/api/users.js | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
 (limited to 'server/api/users.js')
diff --git a/server/api/users.js b/server/api/users.js
index 663f88e..c5eb822 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -71,7 +71,17 @@ router.postAsync(['/', '/:id'], async (req, res) => {
 else {
 let user
 user = await db.user.findOne({ where: { id: req.params.id } })
- if (user) await user.update(req.body)
+ if (user) {
+ await user.update({
+ username: req.body.username,
+ name: req.body.name,
+ email: req.body.email
+ })
+
+ if (req.body.password) {
+ return authentication.changePassword(req, res)
+ }
+ }
 res.status(200).end()
 }
 }
@@ -79,7 +89,11 @@ router.postAsync(['/', '/:id'], async (req, res) => {
 // Post request for changing the password.
 router.post('/:id/password', (req, res) => {
- authentication.changePassword(req, res)
+ // Check if passwords are set.
+ if (req.body.passwordCurrent && req.body.password) {
+ if (req.body.passwordCurrent === req.body.password) return res.status(500).send({ auth: false, status: 'PASSWORD_ERROR', error_message: 'The provided password must be different than the old password.' })
+ return authentication.changePassword(req, res)
+ } else res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This service requires the current and the new password.' })
 })
 // Post request for chaning the user info. (name, email)
-- 
cgit v1.2.3-55-g7522
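Review bot: The new `if (req.body.password)` branch in the `/:id` handler calls `authentication.changePassword(req, res)` without the `passwordCurrent` check that this same commit adds to `/:id/password`, so whether the old password is required on this path depends entirely on changePassword, which is not visible here. If this route is not meant as an administrative reset, mirror the guard before the call, e.g. `if (!req.body.passwordCurrent) return res.status(400).send({ auth: false, status: 'PASSWORD_MISSING' })`; if it is meant as one, a comment saying so would help the next reader. The profile fields are also written by `user.update` before the password step runs, so a rejected password change leaves the request half applied; validating the password input first would avoid that. The handler begins and ends outside the hunk, so any authorization check on who may edit user `:id` cannot be judged from these lines.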
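Review bot: The identical-password case in the `/:id/password` handler answers with `res.status(500)` although it is a client input error; `res.status(400)` would match the PASSWORD_MISSING branch and keep 5xx counts meaningful for monitoring. The truthiness test also lets non-string JSON values (arrays, objects) through to changePassword, so a guard such as `typeof req.body.password === 'string' && typeof req.body.passwordCurrent === 'string'` is worth adding before the call. Since the commit message says changePassword now uses async/await, registering this route with plain `router.post` probably means a rejected promise is not forwarded to the error handler; using `router.postAsync('/:id/password', async (req, res) => {` as the neighbouring route does would cover that, assuming postAsync wraps rejections.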