Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: don't require password challenge if no password is set in user account

Browse Source
This commit is contained in:
Julian Lam
2022-08-05 13:42:22 -04:00
parent 287f4c2c41
commit 9d27e90740
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/user/interstitials.js
View File

@@ -22,7 +22,11 @@ Interstitials.email = async (data) => {
return data;
}
const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(data.req.uid);
const [isAdminOrGlobalMod, hasPassword] = await Promise.all([
user.isAdminOrGlobalMod(data.req.uid),
user.hasPassword(data.userData.uid),
]);
let email;
if (data.userData.uid) {
email = await user.getUserField(data.userData.uid, 'email');
@@ -33,7 +37,7 @@ Interstitials.email = async (data) => {
data: {
email,
requireEmailAddress: meta.config.requireEmailAddress,
update: !!data.userData.uid,
issuePasswordChallenge: !!data.userData.uid && hasPassword,
},
callback: async (userData, formData) => {
// Validate and send email confirmation
@@ -69,7 +73,7 @@ Interstitials.email = async (data) => {
await user.setUserField(userData.uid, 'email', formData.email);
await user.email.confirmByUid(userData.uid);
} else if (canEdit) {
if (!isPasswordCorrect) {
if (hasPassword && !isPasswordCorrect) {
throw new Error('[[error:invalid-password]]');
}
@@ -89,7 +93,7 @@ Interstitials.email = async (data) => {
throw new Error('[[error:invalid-email]]');
}
if (current.length && (isPasswordCorrect || isAdminOrGlobalMod)) {
if (current.length && (!hasPassword || (hasPassword && isPasswordCorrect) || isAdminOrGlobalMod)) {
// User explicitly clearing their email
await user.email.remove(userData.uid, data.req.session.id);
}