diff options
author | Chocobozzz <me@florianbigard.com> | 2022-10-07 14:23:42 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-10-07 14:28:35 +0200 |
commit | 2166c058f34dff6f91566930d12448805d829de7 (patch) | |
tree | 2b9100b8eccbac287d1105c765901f966a354986 /server/middlewares/validators/users.ts | |
parent | d12b40fb96d56786a96c06a621f3d8e0a0d24f4a (diff) | |
download | PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.gz PeerTube-2166c058f34dff6f91566930d12448805d829de7.tar.zst PeerTube-2166c058f34dff6f91566930d12448805d829de7.zip |
Allow admins to disable two factor auth
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 47 |
1 files changed, 32 insertions, 15 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 046029547..055af3b64 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -506,23 +506,40 @@ const usersVerifyEmailValidator = [ | |||
506 | } | 506 | } |
507 | ] | 507 | ] |
508 | 508 | ||
509 | const usersCheckCurrentPassword = [ | 509 | const usersCheckCurrentPasswordFactory = (targetUserIdGetter: (req: express.Request) => number | string) => { |
510 | body('currentPassword').custom(exists), | 510 | return [ |
511 | body('currentPassword').optional().custom(exists), | ||
511 | 512 | ||
512 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 513 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
513 | if (areValidationErrors(req, res)) return | 514 | if (areValidationErrors(req, res)) return |
514 | 515 | ||
515 | const user = res.locals.oauth.token.User | 516 | const user = res.locals.oauth.token.User |
516 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | 517 | const isAdminOrModerator = user.role === UserRole.ADMINISTRATOR || user.role === UserRole.MODERATOR |
517 | return res.fail({ | 518 | const targetUserId = parseInt(targetUserIdGetter(req) + '') |
518 | status: HttpStatusCode.FORBIDDEN_403, | ||
519 | message: 'currentPassword is invalid.' | ||
520 | }) | ||
521 | } | ||
522 | 519 | ||
523 | return next() | 520 | // Admin/moderator action on another user, skip the password check |
524 | } | 521 | if (isAdminOrModerator && targetUserId !== user.id) { |
525 | ] | 522 | return next() |
523 | } | ||
524 | |||
525 | if (!req.body.currentPassword) { | ||
526 | return res.fail({ | ||
527 | status: HttpStatusCode.BAD_REQUEST_400, | ||
528 | message: 'currentPassword is missing' | ||
529 | }) | ||
530 | } | ||
531 | |||
532 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | ||
533 | return res.fail({ | ||
534 | status: HttpStatusCode.FORBIDDEN_403, | ||
535 | message: 'currentPassword is invalid.' | ||
536 | }) | ||
537 | } | ||
538 | |||
539 | return next() | ||
540 | } | ||
541 | ] | ||
542 | } | ||
526 | 543 | ||
527 | const userAutocompleteValidator = [ | 544 | const userAutocompleteValidator = [ |
528 | param('search') | 545 | param('search') |
@@ -591,7 +608,7 @@ export { | |||
591 | usersUpdateValidator, | 608 | usersUpdateValidator, |
592 | usersUpdateMeValidator, | 609 | usersUpdateMeValidator, |
593 | usersVideoRatingValidator, | 610 | usersVideoRatingValidator, |
594 | usersCheckCurrentPassword, | 611 | usersCheckCurrentPasswordFactory, |
595 | ensureUserRegistrationAllowed, | 612 | ensureUserRegistrationAllowed, |
596 | ensureUserRegistrationAllowedForIP, | 613 | ensureUserRegistrationAllowedForIP, |
597 | usersGetValidator, | 614 | usersGetValidator, |