Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #11855, remove superfluous password challenge on admin email update (unless they're updating their own)

Browse Source
This commit is contained in:
Julian Lam
2023-07-31 17:45:38 -04:00
parent f075e12a91
commit 4ca71f6354
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/user/interstitials.js
View File

@@ -28,8 +28,8 @@ Interstitials.email = async (data) => {
return data; return data;
} }
const [isAdminOrGlobalMod, hasPassword, hasPending] = await Promise.all([ const [canManageUsers, hasPassword, hasPending] = await Promise.all([
user.isAdminOrGlobalMod(data.req.uid), privileges.admin.can('admin:users', data.req.uid),
user.hasPassword(data.userData.uid), user.hasPassword(data.userData.uid),
user.email.isValidationPending(data.userData.uid), user.email.isValidationPending(data.userData.uid),
]); ]);
@@ -44,7 +44,12 @@ Interstitials.email = async (data) => {
data: { data: {
email, email,
requireEmailAddress: meta.config.requireEmailAddress, requireEmailAddress: meta.config.requireEmailAddress,
issuePasswordChallenge: !!data.userData.uid && hasPassword, issuePasswordChallenge:
hasPassword &&
(
(canManageUsers && data.userData.uid === data.req.uid) || // admin changing own email
(!canManageUsers && !!data.userData.uid) // non-admins changing own email
),
hasPending, hasPending,
}, },
callback: async (userData, formData) => { callback: async (userData, formData) => {
@@ -68,7 +73,7 @@ Interstitials.email = async (data) => {
}), }),
]); ]);
if (!isAdminOrGlobalMod && !isPasswordCorrect) { if (!canManageUsers && !isPasswordCorrect) {
await sleep(2000); await sleep(2000);
} }
@@ -87,7 +92,7 @@ Interstitials.email = async (data) => {
} }
// Admins editing will auto-confirm, unless editing their own email // Admins editing will auto-confirm, unless editing their own email
if (isAdminOrGlobalMod && userData.uid !== data.req.uid) { if (canManageUsers && userData.uid !== data.req.uid) {
if (!await user.email.available(formData.email)) { if (!await user.email.available(formData.email)) {
throw new Error('[[error:email-taken]]'); throw new Error('[[error:email-taken]]');
} }
@@ -115,7 +120,7 @@ Interstitials.email = async (data) => {
throw new Error('[[error:invalid-email]]'); throw new Error('[[error:invalid-email]]');
} }
if (current.length && (!hasPassword || (hasPassword && isPasswordCorrect) || isAdminOrGlobalMod)) { if (current.length && (!hasPassword || (hasPassword && isPasswordCorrect) || canManageUsers)) {
// User or admin explicitly clearing their email // User or admin explicitly clearing their email
await user.email.remove(userData.uid, isSelf ? data.req.session.id : null); await user.email.remove(userData.uid, isSelf ? data.req.session.id : null);
} }