aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators/users.ts
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2022-10-07 14:23:42 +0200
committerChocobozzz <me@florianbigard.com>2022-10-07 14:28:35 +0200
commit2166c058f34dff6f91566930d12448805d829de7 (patch)
tree2b9100b8eccbac287d1105c765901f966a354986 /server/middlewares/validators/users.ts
parentd12b40fb96d56786a96c06a621f3d8e0a0d24f4a (diff)
downloadPeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.gz
PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.zst
PeerTube-2166c058f34dff6f91566930d12448805d829de7.zip
Allow admins to disable two factor auth
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r--server/middlewares/validators/users.ts47
1 files changed, 32 insertions, 15 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 046029547..055af3b64 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -506,23 +506,40 @@ const usersVerifyEmailValidator = [
506 } 506 }
507] 507]
508 508
509const usersCheckCurrentPassword = [ 509const usersCheckCurrentPasswordFactory = (targetUserIdGetter: (req: express.Request) => number | string) => {
510 body('currentPassword').custom(exists), 510 return [
511 body('currentPassword').optional().custom(exists),
511 512
512 async (req: express.Request, res: express.Response, next: express.NextFunction) => { 513 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
513 if (areValidationErrors(req, res)) return 514 if (areValidationErrors(req, res)) return
514 515
515 const user = res.locals.oauth.token.User 516 const user = res.locals.oauth.token.User
516 if (await user.isPasswordMatch(req.body.currentPassword) !== true) { 517 const isAdminOrModerator = user.role === UserRole.ADMINISTRATOR || user.role === UserRole.MODERATOR
517 return res.fail({ 518 const targetUserId = parseInt(targetUserIdGetter(req) + '')
518 status: HttpStatusCode.FORBIDDEN_403,
519 message: 'currentPassword is invalid.'
520 })
521 }
522 519
523 return next() 520 // Admin/moderator action on another user, skip the password check
524 } 521 if (isAdminOrModerator && targetUserId !== user.id) {
525] 522 return next()
523 }
524
525 if (!req.body.currentPassword) {
526 return res.fail({
527 status: HttpStatusCode.BAD_REQUEST_400,
528 message: 'currentPassword is missing'
529 })
530 }
531
532 if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
533 return res.fail({
534 status: HttpStatusCode.FORBIDDEN_403,
535 message: 'currentPassword is invalid.'
536 })
537 }
538
539 return next()
540 }
541 ]
542}
526 543
527const userAutocompleteValidator = [ 544const userAutocompleteValidator = [
528 param('search') 545 param('search')
@@ -591,7 +608,7 @@ export {
591 usersUpdateValidator, 608 usersUpdateValidator,
592 usersUpdateMeValidator, 609 usersUpdateMeValidator,
593 usersVideoRatingValidator, 610 usersVideoRatingValidator,
594 usersCheckCurrentPassword, 611 usersCheckCurrentPasswordFactory,
595 ensureUserRegistrationAllowed, 612 ensureUserRegistrationAllowed,
596 ensureUserRegistrationAllowedForIP, 613 ensureUserRegistrationAllowedForIP,
597 usersGetValidator, 614 usersGetValidator,