closes #1044

11 years ago · 520b349c17
parent bbe1a00d34
commit 520b349c17
4 changed files with 65 additions and 22 deletions
--- a/public/src/forum/accountedit.js
+++ b/public/src/forum/accountedit.js
@ -190,10 +190,11 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {

 			$('#changePasswordBtn').on('click', function() {

-				if (passwordvalid && passwordsmatch && currentPassword.val()) {
+				if (passwordvalid && passwordsmatch && (currentPassword.val() || app.isAdmin)) {
 					socket.emit('user.changePassword', {
 						'currentPassword': currentPassword.val(),
-						'newPassword': password.val()
+						'newPassword': password.val(),
+						'uid': templates.get('theirid')
 					}, function(err) {

 						currentPassword.val('');
@ -203,12 +204,10 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
 						passwordvalid = false;

 						if (err) {
-							app.alertError(err.message);
-							return;
+							return app.alertError(err.message);
 						}

 						app.alertSuccess('Your password is updated!');
-
 					});
 				}
 				return false;
--- a/public/templates/topic.tpl
+++ b/public/templates/topic.tpl
@ -296,4 +296,4 @@
 		</div>
 	</div>

-</div>
+</div>
--- a/src/events.js
+++ b/src/events.js
@ -13,6 +13,17 @@ var fs = require('fs'),
 		logWithUser(uid, 'changed password');
 	}

+	events.logAdminChangeUserPassword = function(adminUid, theirUid) {
+		user.getMultipleUserFields([adminUid, theirUid], ['username'], function(err, userData) {
+			if(err) {
+				return winston.error('Error logging event. ' + err.message);
+			}
+
+			var msg = userData[0].username + '(uid ' + adminUid + ') changed password of ' + userData[1].username + '(uid ' + theirUid + ')';
+			events.log(msg);
+		});
+	}
+
 	events.logPasswordReset = function(uid) {
 		logWithUser(uid, 'reset password');
 	}
@ -53,11 +64,10 @@ var fs = require('fs'),

 		user.getUserField(uid, 'username', function(err, username) {
 			if(err) {
-				winston.error('Error logging event. ' + err.message);
-				return;
+				return winston.error('Error logging event. ' + err.message);
 			}

-			var msg = '[' + new Date().toUTCString() + '] - ' + username + '(uid ' + uid + ') ' + string;
+			var msg = username + '(uid ' + uid + ') ' + string;
 			events.log(msg);
 		});
 	}
@ -65,6 +75,8 @@ var fs = require('fs'),
 	events.log = function(msg) {
 		var logFile = path.join(nconf.get('base_dir'), logFileName);

+		msg = '[' + new Date().toUTCString() + '] - ' + msg;
+
 		fs.appendFile(logFile, msg + '\n', function(err) {
 			if(err) {
 				winston.error('Error logging event. ' + err.message);
--- a/src/user.js
+++ b/src/user.js
@ -424,27 +424,59 @@ var bcrypt = require('bcryptjs'),
 	};

 	User.changePassword = function(uid, data, callback) {
+		if(!data || !data.uid) {
+			return callback(new Error('invalid-uid'));
+		}
+
+		function hashAndSetPassword(callback) {
+			User.hashPassword(data.newPassword, function(err, hash) {
+				if(err) {
+					return callback(err);
+				}
+
+				User.setUserField(data.uid, 'password', hash, function(err) {
+					if(err) {
+						return callback(err);
+					}
+
+					if(parseInt(uid, 10) === parseInt(data.uid, 10)) {
+						events.logPasswordChange(data.uid);
+					} else {
+						events.logAdminChangeUserPassword(uid, data.uid);
+					}
+
+					callback();
+				});
+			});
+		}
+
 		if (!utils.isPasswordValid(data.newPassword)) {
 			return callback(new Error('Invalid password!'));
 		}

-		User.getUserField(uid, 'password', function(err, currentPassword) {
-			bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
-				if (err) {
-					return callback(err);
+		if(parseInt(uid, 10) !== parseInt(data.uid, 10)) {
+			User.isAdministrator(uid, function(err, isAdmin) {
+				if(err || !isAdmin) {
+					return callback(err || new Error('not-allowed'));
 				}

-				if (res) {
-					User.hashPassword(data.newPassword, function(err, hash) {
-						User.setUserField(uid, 'password', hash);
-						events.logPasswordChange(uid);
-						callback(null);
-					});
-				} else {
-					callback(new Error('Your current password is not correct!'));
+				hashAndSetPassword(callback);
+			});
+		} else {
+			User.getUserField(uid, 'password', function(err, currentPassword) {
+				if(err) {
+					return callback(err);
 				}
+
+				bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
+					if (err || !res) {
+						return callback(err || new Error('Your current password is not correct!'));
+					}
+
+					hashAndSetPassword(callback);
+				});
 			});
-		});
+		}
 	};

 	User.setUserField = function(uid, field, value, callback) {