From 22e30b44b905b594aa7790adff7faa8c2bdfef1b Mon Sep 17 00:00:00 2001
From: syuilo
Date: Thu, 29 Nov 2018 20:19:02 +0900
Subject: [PATCH] Make require password to update email

---
 locales/ja-JP.yml | 1 +
 .../app/common/views/components/profile-editor.vue | 10 ++++++++--
 src/server/api/endpoints/i/update_email.ts | 12 ++++++++++++
 3 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/locales/ja-JP.yml b/locales/ja-JP.yml
index ca98e7fe2..6c4a821d3 100644
--- a/locales/ja-JP.yml
+++ b/locales/ja-JP.yml
@@ -26,6 +26,7 @@ common:
 close: "閉じる"
 do-not-copy-paste: "ここにコードを入力したり張り付けたりしないでください。アカウントが不正利用される可能性があります。"
 load-more: "もっと読み込む"
+ enter-password: "パスワードを入力してください"
 got-it: "わかった"

 customization-tips:
diff --git a/src/client/app/common/views/components/profile-editor.vue b/src/client/app/common/views/components/profile-editor.vue
index fc0fbb9e6..62d5d7a29 100644
--- a/src/client/app/common/views/components/profile-editor.vue
+++ b/src/client/app/common/views/components/profile-editor.vue
@@ -218,8 +218,14 @@ export default Vue.extend({
 },

 updateEmail() {
- this.$root.api('i/update_email', {
- email: this.email == '' ? null : this.email
+ this.$input({
+ title: this.$t('@.enter-password'),
+ type: 'password'
+ }).then(password => {
+ this.$root.api('i/update_email', {
+ password: password,
+ email: this.email == '' ? null : this.email
+ });
 });
 }
 }
diff --git a/src/server/api/endpoints/i/update_email.ts b/src/server/api/endpoints/i/update_email.ts
index c2699d47c..0aa22b4d8 100644
--- a/src/server/api/endpoints/i/update_email.ts
+++ b/src/server/api/endpoints/i/update_email.ts
@@ -7,6 +7,7 @@ import fetchMeta from '../../../../misc/fetch-meta';
 import rndstr from 'rndstr';
 import config from '../../../../config';
 const ms = require('ms');
+import * as bcrypt from 'bcryptjs';

 export const meta = {
 requireCredential: true,
@@ -19,6 +20,10 @@ export const meta = {
 },

 params: {
+ password: {
+ validator: $.str
+ },
+
 email: {
 validator: $.str.optional.nullable
 },
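Review bot: In `updateEmail` (profile-editor.vue), the promise from `this.$root.api('i/update_email', …)` is neither returned from the `.then` callback nor given a rejection handler, so the server's new `incorrect password` rejection is never surfaced to the user. Returning the call and adding a `.catch` that reports the failure would close that gap, e.g. `return this.$root.api('i/update_email', { password, email: this.email == '' ? null : this.email });`. It is also worth confirming what `this.$input` resolves with when the dialog is dismissed; if that is `null` or `undefined`, the request is still sent and only fails the server's `$.str` validation, so an early `if (password == null) return;` may be wanted. `$input` is defined outside this hunk.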
@@ -26,6 +31,13 @@ export const meta = {
 };

 export default define(meta, (ps, user) => new Promise(async (res, rej) => {
+ // Compare password
+ const same = await bcrypt.compare(ps.password, user.password);
+
+ if (!same) {
+ return rej('incorrect password');
+ }
+
 await User.update(user._id, {
 $set: {
 email: ps.email,
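Review bot: The `await bcrypt.compare(ps.password, user.password)` call sits inside a `new Promise(async (res, rej) => …)` executor with no try/catch, so if it throws, the outer promise is never settled and the request hangs instead of failing. That can presumably happen when `user.password` is not a string, for example an account record without a local password hash; the User model is not visible here, so please confirm. A guard before the compare keeps the check failing closed: `if (typeof user.password !== 'string') return rej('incorrect password');`. Because the endpoint now tells any caller holding a valid credential whether a guessed password is correct, failed comparisons should count against the endpoint's rate limit; the `limit` settings are outside this hunk, so please confirm they cover this path. The handler body continues past the end of the hunk.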