Make require password to update email

This commit is contained in:
syuilo 2018-11-29 20:19:02 +09:00
parent f783ef38b5
commit 13f375151d
3 changed files with 21 additions and 2 deletions

View File

@ -26,6 +26,7 @@ common:
close: "閉じる"
do-not-copy-paste: "ここにコードを入力したり張り付けたりしないでください。アカウントが不正利用される可能性があります。"
load-more: "もっと読み込む"
enter-password: "パスワードを入力してください"
got-it: "わかった"
customization-tips:

View File

@ -218,8 +218,14 @@ export default Vue.extend({
},
updateEmail() {
this.$root.api('i/update_email', {
email: this.email == '' ? null : this.email
this.$input({
title: this.$t('@.enter-password'),
type: 'password'
}).then(password => {
this.$root.api('i/update_email', {
password: password,
email: this.email == '' ? null : this.email
});
});
}
}

View File

@ -7,6 +7,7 @@ import fetchMeta from '../../../../misc/fetch-meta';
import rndstr from 'rndstr';
import config from '../../../../config';
const ms = require('ms');
import * as bcrypt from 'bcryptjs';
export const meta = {
requireCredential: true,
@ -19,6 +20,10 @@ export const meta = {
},
params: {
password: {
validator: $.str
},
email: {
validator: $.str.optional.nullable
},
@ -26,6 +31,13 @@ export const meta = {
};
export default define(meta, (ps, user) => new Promise(async (res, rej) => {
// Compare password
const same = await bcrypt.compare(ps.password, user.password);
if (!same) {
return rej('incorrect password');
}
await User.update(user._id, {
$set: {
email: ps.email,