mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 16:46:12 +01:00 
			
		
		
		
	refactor: change pwd change logic
add one more test
		| @@ -278,25 +278,19 @@ module.exports = function (User) { | |||||||
| 		if (meta.config['password:disableEdit'] && !isAdmin) { | 		if (meta.config['password:disableEdit'] && !isAdmin) { | ||||||
| 			throw new Error('[[error:no-privileges]]'); | 			throw new Error('[[error:no-privileges]]'); | ||||||
| 		} | 		} | ||||||
| 		let isAdminOrPasswordMatch = false; |  | ||||||
| 		const isSelf = parseInt(uid, 10) === parseInt(data.uid, 10); | 		const isSelf = parseInt(uid, 10) === parseInt(data.uid, 10); | ||||||
|  |  | ||||||
| 		if (!isAdmin && !isSelf) { | 		if (!isAdmin && !isSelf) { | ||||||
| 			throw new Error('[[user:change_password_error_privileges]]'); | 			throw new Error('[[user:change_password_error_privileges]]'); | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		if ( | 		if (isSelf && hasPassword) { | ||||||
| 			(isAdmin && !isSelf) || // Admins ok | 			const correct = await User.isPasswordCorrect(data.uid, data.currentPassword, data.ip); | ||||||
| 			(!hasPassword && isSelf)	// Initial password set ok | 			if (!correct) { | ||||||
| 		) { |  | ||||||
| 			isAdminOrPasswordMatch = true; |  | ||||||
| 		} else { |  | ||||||
| 			isAdminOrPasswordMatch = await User.isPasswordCorrect(data.uid, data.currentPassword, data.ip); |  | ||||||
| 		} |  | ||||||
|  |  | ||||||
| 		if (!isAdminOrPasswordMatch) { |  | ||||||
| 				throw new Error('[[user:change_password_error_wrong_current]]'); | 				throw new Error('[[user:change_password_error_wrong_current]]'); | ||||||
| 			} | 			} | ||||||
|  | 		} | ||||||
|  |  | ||||||
| 		const hashedPassword = await User.hashPassword(data.newPassword); | 		const hashedPassword = await User.hashPassword(data.newPassword); | ||||||
| 		await Promise.all([ | 		await Promise.all([ | ||||||
|   | |||||||
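Review bot: The rewritten guard `if (isSelf && hasPassword)` leaves the two paths that skip the current-password check implicit, and the comments that named them (`// Admins ok`, `// Initial password set ok`) are removed along with the old condition. I would add a comment above the `if`, for example `// Current password is required whenever a user who already has a password changes their own, admins included; an admin changing another account and a first-time password set skip this check`. On the admin-on-other-account path the only gate visible here is `isAdmin`, so a stolen admin session can still reset any other account's password; if nothing further down records it, an audit log entry or a re-authentication step would be worth adding. `isAdmin` and `hasPassword` are computed outside the hunk and the function continues past it, so this is based on the visible lines only.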
							
								
								
									
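--- a/test/user.js
+++ b/test/user.js
@@ -860,6 +860,19 @@ describe('User', function () {
 			assert(correct);
 		});
 
+		it('should not let admin change their password if current password is incorrect', async function () {
+			const adminUid = await User.create({ username: 'adminforgotpwd', password: 'admin1234' });
+			await groups.join('administrators', adminUid);
+
+			let err;
+			try {
+				await socketUser.changePassword({ uid: adminUid }, { uid: adminUid, newPassword: '654321', currentPassword: 'wrongpwd' });
+			} catch (_err) {
+				err = _err;
+			}
+			assert.equal(err.message, '[[user:change_password_error_wrong_current]]');
+		});
+
 		it('should change username', function (done) {
 			socketUser.changeUsernameEmail({ uid: uid }, { uid: uid, username: 'updatedAgain', password: '123456' }, function (err) {
 				assert.ifError(err);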
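Review bot: If `socketUser.changePassword` resolves instead of rejecting, `err` stays undefined and `assert.equal(err.message, ...)` fails with a TypeError rather than a readable assertion, which obscures the result in exactly the case this test exists to catch. Wrapping the call in `await assert.rejects(..., { message: '[[user:change_password_error_wrong_current]]' })` states the expectation directly and removes the try/catch. The test would also be stronger if it afterwards confirmed that the original password `'admin1234'` is still accepted for `adminUid`, so it proves the stored hash was not replaced and not only that an error was raised.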