-export {
- usersAddValidator,
- usersRegisterValidator,
- usersRemoveValidator,
- usersUpdateValidator,
- usersUpdateMeValidator,
- usersVideoRatingValidator,
- ensureUserRegistrationAllowed,
- usersGetValidator
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ if (areValidationErrors(req, res)) return
+ if (!await checkUserIdExist(req.params.id, res)) return
+
+ const user = res.locals.user
+ const redisVerificationString = await Redis.Instance.getResetPasswordVerificationString(user.id)
+
+ if (redisVerificationString !== req.body.verificationString) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'Invalid verification string.'
+ })
+ }
+
+ return next()
+ }
+]
+
+const usersCheckCurrentPasswordFactory = (targetUserIdGetter: (req: express.Request) => number | string) => {
+ return [
+ body('currentPassword').optional().custom(exists),
+
+ async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+ if (areValidationErrors(req, res)) return
+
+ const user = res.locals.oauth.token.User
+ const isAdminOrModerator = user.role === UserRole.ADMINISTRATOR || user.role === UserRole.MODERATOR
+ const targetUserId = forceNumber(targetUserIdGetter(req))
+
+ // Admin/moderator action on another user, skip the password check
+ if (isAdminOrModerator && targetUserId !== user.id) {
+ return next()
+ }
+
+ if (!req.body.currentPassword) {
+ return res.fail({
+ status: HttpStatusCode.BAD_REQUEST_400,
+ message: 'currentPassword is missing'
+ })
+ }
+
+ if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
+ return res.fail({
+ status: HttpStatusCode.FORBIDDEN_403,
+ message: 'currentPassword is invalid.'
+ })
+ }
+
+ return next()
+ }
+ ]