Allow password changes for external registrations

2019-08-08 17:13:52 +03:00 · 2019-08-08 17:13:52 +03:00 · 39d3d568e8
commit 39d3d568e8
parent 29f6c56161
1 changed files with 12 additions and 7 deletions
--- a/server/routes/index.js
+++ b/server/routes/index.js
@ -277,7 +277,9 @@ router.get('/user/manage', ensureLogin, wrap(async (req, res) => {

 // Change password
 router.get('/user/manage/password', ensureLogin, wrap(async (req, res) => {
-  res.render('user/password_new')
+  let socialStatus = await API.User.socialStatus(req.session.user)
+
+  res.render('user/password_new', {token: socialStatus.password})
 }))

 // Change email
@ -458,7 +460,7 @@ router.post('/login/reset', accountLimiter, csrfValidation, wrap(async (req, res
  }

  try {
-    await API.User.Reset.reset(email)
+    await API.User.Reset.reset(email, false)

    req.flash('message', {error: false, text: 'We\'ve sent a link to your email address. Please check spam folders, too!'})
    res.redirect('/login/reset?success=true')
@ -631,15 +633,18 @@ router.post('/user/manage', csrfValidation, wrap(async (req, res, next) => {
 // Change user password
 router.post('/user/manage/password', accountLimiter, csrfValidation, wrap(async (req, res, next) => {
  if (!req.session.user) return next()
+  let user = req.session.user
+  let socialStatus = await API.User.socialStatus(user)

-  if (!req.body.password_old) {
+  if (!req.body.password_old && socialStatus.password) {
    return formError(req, res, 'Please enter your current password.')
  }

-  let user = req.session.user
-  let passwordMatch = await API.User.Login.password(user, req.body.password_old)
-  if (!passwordMatch) {
-    return formError(req, res, 'The password you provided is incorrect.')
+  if (socialStatus.password) {
+    let passwordMatch = await API.User.Login.password(user, req.body.password_old)
+    if (!passwordMatch) {
+      return formError(req, res, 'The password you provided is incorrect.')
+    }
  }

  let password = req.body.password