mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-31 11:05:54 +01:00
closes #1044
This commit is contained in:
Baris Soner Usakli
@@ -190,10 +190,11 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
|
||||
|
||||
$('#changePasswordBtn').on('click', function() {
|
||||
|
||||
if (passwordvalid && passwordsmatch && currentPassword.val()) {
|
||||
if (passwordvalid && passwordsmatch && (currentPassword.val() || app.isAdmin)) {
|
||||
socket.emit('user.changePassword', {
|
||||
'currentPassword': currentPassword.val(),
|
||||
'newPassword': password.val()
|
||||
'newPassword': password.val(),
|
||||
'uid': templates.get('theirid')
|
||||
}, function(err) {
|
||||
|
||||
currentPassword.val('');
|
||||
@@ -203,12 +204,10 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
|
||||
passwordvalid = false;
|
||||
|
||||
if (err) {
|
||||
app.alertError(err.message);
|
||||
return;
|
||||
return app.alertError(err.message);
|
||||
}
|
||||
|
||||
app.alertSuccess('Your password is updated!');
|
||||
|
||||
});
|
||||
}
|
||||
return false;
|
||||
|
||||
@@ -13,6 +13,17 @@ var fs = require('fs'),
|
||||
logWithUser(uid, 'changed password');
|
||||
}
|
||||
|
||||
events.logAdminChangeUserPassword = function(adminUid, theirUid) {
|
||||
user.getMultipleUserFields([adminUid, theirUid], ['username'], function(err, userData) {
|
||||
if(err) {
|
||||
return winston.error('Error logging event. ' + err.message);
|
||||
}
|
||||
|
||||
var msg = userData[0].username + '(uid ' + adminUid + ') changed password of ' + userData[1].username + '(uid ' + theirUid + ')';
|
||||
events.log(msg);
|
||||
});
|
||||
}
|
||||
|
||||
events.logPasswordReset = function(uid) {
|
||||
logWithUser(uid, 'reset password');
|
||||
}
|
||||
@@ -53,11 +64,10 @@ var fs = require('fs'),
|
||||
|
||||
user.getUserField(uid, 'username', function(err, username) {
|
||||
if(err) {
|
||||
winston.error('Error logging event. ' + err.message);
|
||||
return;
|
||||
return winston.error('Error logging event. ' + err.message);
|
||||
}
|
||||
|
||||
var msg = '[' + new Date().toUTCString() + '] - ' + username + '(uid ' + uid + ') ' + string;
|
||||
var msg = username + '(uid ' + uid + ') ' + string;
|
||||
events.log(msg);
|
||||
});
|
||||
}
|
||||
@@ -65,6 +75,8 @@ var fs = require('fs'),
|
||||
events.log = function(msg) {
|
||||
var logFile = path.join(nconf.get('base_dir'), logFileName);
|
||||
|
||||
msg = '[' + new Date().toUTCString() + '] - ' + msg;
|
||||
|
||||
fs.appendFile(logFile, msg + '\n', function(err) {
|
||||
if(err) {
|
||||
winston.error('Error logging event. ' + err.message);
|
||||
|
||||
52
src/user.js
52
src/user.js
@@ -424,27 +424,59 @@ var bcrypt = require('bcryptjs'),
|
||||
};
|
||||
|
||||
User.changePassword = function(uid, data, callback) {
|
||||
if(!data || !data.uid) {
|
||||
return callback(new Error('invalid-uid'));
|
||||
}
|
||||
|
||||
function hashAndSetPassword(callback) {
|
||||
User.hashPassword(data.newPassword, function(err, hash) {
|
||||
if(err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
User.setUserField(data.uid, 'password', hash, function(err) {
|
||||
if(err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
if(parseInt(uid, 10) === parseInt(data.uid, 10)) {
|
||||
events.logPasswordChange(data.uid);
|
||||
} else {
|
||||
events.logAdminChangeUserPassword(uid, data.uid);
|
||||
}
|
||||
|
||||
callback();
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
if (!utils.isPasswordValid(data.newPassword)) {
|
||||
return callback(new Error('Invalid password!'));
|
||||
}
|
||||
|
||||
if(parseInt(uid, 10) !== parseInt(data.uid, 10)) {
|
||||
User.isAdministrator(uid, function(err, isAdmin) {
|
||||
if(err || !isAdmin) {
|
||||
return callback(err || new Error('not-allowed'));
|
||||
}
|
||||
|
||||
hashAndSetPassword(callback);
|
||||
});
|
||||
} else {
|
||||
User.getUserField(uid, 'password', function(err, currentPassword) {
|
||||
bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
|
||||
if (err) {
|
||||
if(err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
if (res) {
|
||||
User.hashPassword(data.newPassword, function(err, hash) {
|
||||
User.setUserField(uid, 'password', hash);
|
||||
events.logPasswordChange(uid);
|
||||
callback(null);
|
||||
});
|
||||
} else {
|
||||
callback(new Error('Your current password is not correct!'));
|
||||
bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
|
||||
if (err || !res) {
|
||||
return callback(err || new Error('Your current password is not correct!'));
|
||||
}
|
||||
|
||||
hashAndSetPassword(callback);
|
||||
});
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
User.setUserField = function(uid, field, value, callback) {
|
||||
|
||||
Reference in New Issue
Block a user