diff options
Diffstat (limited to 'server/middlewares/validators/users.ts')
| -rw-r--r-- | server/middlewares/validators/users.ts | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 840b9fc74..3bdbcdf6a 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
| @@ -234,14 +234,19 @@ const usersUpdateMeValidator = [ | |||
| 234 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | 234 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { |
| 235 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) | 235 | logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') }) |
| 236 | 236 | ||
| 237 | const user = res.locals.oauth.token.User | ||
| 238 | |||
| 237 | if (req.body.password || req.body.email) { | 239 | if (req.body.password || req.body.email) { |
| 240 | if (user.pluginAuth !== null) { | ||
| 241 | return res.status(400) | ||
| 242 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) | ||
| 243 | } | ||
| 244 | |||
| 238 | if (!req.body.currentPassword) { | 245 | if (!req.body.currentPassword) { |
| 239 | return res.status(400) | 246 | return res.status(400) |
| 240 | .json({ error: 'currentPassword parameter is missing.' }) | 247 | .json({ error: 'currentPassword parameter is missing.' }) |
| 241 | .end() | ||
| 242 | } | 248 | } |
| 243 | 249 | ||
| 244 | const user = res.locals.oauth.token.User | ||
| 245 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | 250 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { |
| 246 | return res.status(401) | 251 | return res.status(401) |
| 247 | .json({ error: 'currentPassword is invalid.' }) | 252 | .json({ error: 'currentPassword is invalid.' }) |