From 39d3d568e8c718450c5d4972df31709e9501ee78 Mon Sep 17 00:00:00 2001 From: Evert Prants Date: Thu, 8 Aug 2019 17:13:52 +0300 Subject: [PATCH] Allow password changes for external registrations --- server/routes/index.js | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/server/routes/index.js b/server/routes/index.js index 3fcba5f..8354394 100644 --- a/server/routes/index.js +++ b/server/routes/index.js @@ -277,7 +277,9 @@ router.get('/user/manage', ensureLogin, wrap(async (req, res) => { // Change password router.get('/user/manage/password', ensureLogin, wrap(async (req, res) => { - res.render('user/password_new') + let socialStatus = await API.User.socialStatus(req.session.user) + + res.render('user/password_new', {token: socialStatus.password}) })) // Change email @@ -458,7 +460,7 @@ router.post('/login/reset', accountLimiter, csrfValidation, wrap(async (req, res } try { - await API.User.Reset.reset(email) + await API.User.Reset.reset(email, false) req.flash('message', {error: false, text: 'We\'ve sent a link to your email address. Please check spam folders, too!'}) res.redirect('/login/reset?success=true') @@ -631,15 +633,18 @@ router.post('/user/manage', csrfValidation, wrap(async (req, res, next) => { // Change user password router.post('/user/manage/password', accountLimiter, csrfValidation, wrap(async (req, res, next) => { if (!req.session.user) return next() + let user = req.session.user + let socialStatus = await API.User.socialStatus(user) - if (!req.body.password_old) { + if (!req.body.password_old && socialStatus.password) { return formError(req, res, 'Please enter your current password.') } - let user = req.session.user - let passwordMatch = await API.User.Login.password(user, req.body.password_old) - if (!passwordMatch) { - return formError(req, res, 'The password you provided is incorrect.') + if (socialStatus.password) { + let passwordMatch = await API.User.Login.password(user, req.body.password_old) + if (!passwordMatch) { + return formError(req, res, 'The password you provided is incorrect.') + } } let password = req.body.password