diff options
author | Chocobozzz <me@florianbigard.com> | 2020-05-20 10:04:44 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-05-20 10:17:27 +0200 |
commit | 9a7fd9600bf513adffbf2127be7c3a8b4d31073f (patch) | |
tree | a2ac8e321f57f5c7add15ec8166a6a2e7bdf989a /server/middlewares | |
parent | 51539e95d954867d5c4561ac56843105253db79c (diff) | |
download | PeerTube-9a7fd9600bf513adffbf2127be7c3a8b4d31073f.tar.gz PeerTube-9a7fd9600bf513adffbf2127be7c3a8b4d31073f.tar.zst PeerTube-9a7fd9600bf513adffbf2127be7c3a8b4d31073f.zip |
Fix external auth email/password update
Also check if an actor does not already exist when creating the user
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/validators/users.ts | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 840b9fc74..3bdbcdf6a 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -234,14 +234,19 @@ const usersUpdateMeValidator = [ | |||
234 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 234 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
235 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) | 235 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) |
236 | 236 | ||
237 | const user = res.locals.oauth.token.User | ||
238 | |||
237 | if (req.body.password || req.body.email) { | 239 | if (req.body.password || req.body.email) { |
240 | if (user.pluginAuth !== null) { | ||
241 | return res.status(400) | ||
242 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) | ||
243 | } | ||
244 | |||
238 | if (!req.body.currentPassword) { | 245 | if (!req.body.currentPassword) { |
239 | return res.status(400) | 246 | return res.status(400) |
240 | .json({ error: 'currentPassword parameter is missing.' }) | 247 | .json({ error: 'currentPassword parameter is missing.' }) |
241 | .end() | ||
242 | } | 248 | } |
243 | 249 | ||
244 | const user = res.locals.oauth.token.User | ||
245 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | 250 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { |
246 | return res.status(401) | 251 | return res.status(401) |
247 | .json({ error: 'currentPassword is invalid.' }) | 252 | .json({ error: 'currentPassword is invalid.' }) |