v1.18.x
Baris Soner Usakli 11 years ago
parent bbe1a00d34
commit 520b349c17

@ -190,10 +190,11 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
$('#changePasswordBtn').on('click', function() { $('#changePasswordBtn').on('click', function() {
if (passwordvalid && passwordsmatch && currentPassword.val()) { if (passwordvalid && passwordsmatch && (currentPassword.val() || app.isAdmin)) {
socket.emit('user.changePassword', { socket.emit('user.changePassword', {
'currentPassword': currentPassword.val(), 'currentPassword': currentPassword.val(),
'newPassword': password.val() 'newPassword': password.val(),
'uid': templates.get('theirid')
}, function(err) { }, function(err) {
currentPassword.val(''); currentPassword.val('');
@ -203,12 +204,10 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
passwordvalid = false; passwordvalid = false;
if (err) { if (err) {
app.alertError(err.message); return app.alertError(err.message);
return;
} }
app.alertSuccess('Your password is updated!'); app.alertSuccess('Your password is updated!');
}); });
} }
return false; return false;
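Review bot: The `|| app.isAdmin` bypass in the click handler also applies when an administrator edits their own profile, where the server-side same-user branch on this page still runs `bcrypt.compare` on `data.currentPassword`, so an empty field is sent only to come back as 'Your current password is not correct!'. Restrict the bypass to other users' profiles, e.g. `(currentPassword.val() || (app.isAdmin && !isOwnProfile))`, where `isOwnProfile` is a new local comparing the edited uid with the logged-in one. `app.isAdmin` and the `uid` placed in the payload are both client-controlled, so a comment such as `// UI convenience only; the server decides whether this user may change uid's password` would stop later readers treating this condition as an access check. The handler's closing lines are outside the hunk.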

@ -13,6 +13,17 @@ var fs = require('fs'),
logWithUser(uid, 'changed password'); logWithUser(uid, 'changed password');
} }
events.logAdminChangeUserPassword = function(adminUid, theirUid) {
user.getMultipleUserFields([adminUid, theirUid], ['username'], function(err, userData) {
if(err) {
return winston.error('Error logging event. ' + err.message);
}
var msg = userData[0].username + '(uid ' + adminUid + ') changed password of ' + userData[1].username + '(uid ' + theirUid + ')';
events.log(msg);
});
}
events.logPasswordReset = function(uid) { events.logPasswordReset = function(uid) {
logWithUser(uid, 'reset password'); logWithUser(uid, 'reset password');
} }
@ -53,11 +64,10 @@ var fs = require('fs'),
user.getUserField(uid, 'username', function(err, username) { user.getUserField(uid, 'username', function(err, username) {
if(err) { if(err) {
winston.error('Error logging event. ' + err.message); return winston.error('Error logging event. ' + err.message);
return;
} }
var msg = '[' + new Date().toUTCString() + '] - ' + username + '(uid ' + uid + ') ' + string; var msg = username + '(uid ' + uid + ') ' + string;
events.log(msg); events.log(msg);
}); });
} }
@ -65,6 +75,8 @@ var fs = require('fs'),
events.log = function(msg) { events.log = function(msg) {
var logFile = path.join(nconf.get('base_dir'), logFileName); var logFile = path.join(nconf.get('base_dir'), logFileName);
msg = '[' + new Date().toUTCString() + '] - ' + msg;
fs.appendFile(logFile, msg + '\n', function(err) { fs.appendFile(logFile, msg + '\n', function(err) {
if(err) { if(err) {
winston.error('Error logging event. ' + err.message); winston.error('Error logging event. ' + err.message);
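Review bot: In `events.logAdminChangeUserPassword`, `userData[0].username` and `userData[1].username` are read without checking that two records came back, so if `user.getMultipleUserFields` yields a missing or null entry for an unknown uid (its behaviour is not visible here) the callback throws and the audit entry for an admin password change is lost. A guard such as `if (err || !userData || !userData[0] || !userData[1]) { return winston.error('Error logging event. ' + (err ? err.message : 'user not found')); }` keeps that failure visible. Usernames are concatenated straight into the log line, so it is worth confirming that username validation rules out line breaks, or stripping `\r` and `\n` in `events.log`, so that one event cannot appear as several entries. The function expression also ends without a semicolon after its closing `}`.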

@ -424,27 +424,59 @@ var bcrypt = require('bcryptjs'),
}; };
User.changePassword = function(uid, data, callback) { User.changePassword = function(uid, data, callback) {
if(!data || !data.uid) {
return callback(new Error('invalid-uid'));
}
function hashAndSetPassword(callback) {
User.hashPassword(data.newPassword, function(err, hash) {
if(err) {
return callback(err);
}
User.setUserField(data.uid, 'password', hash, function(err) {
if(err) {
return callback(err);
}
if(parseInt(uid, 10) === parseInt(data.uid, 10)) {
events.logPasswordChange(data.uid);
} else {
events.logAdminChangeUserPassword(uid, data.uid);
}
callback();
});
});
}
if (!utils.isPasswordValid(data.newPassword)) { if (!utils.isPasswordValid(data.newPassword)) {
return callback(new Error('Invalid password!')); return callback(new Error('Invalid password!'));
} }
if(parseInt(uid, 10) !== parseInt(data.uid, 10)) {
User.isAdministrator(uid, function(err, isAdmin) {
if(err || !isAdmin) {
return callback(err || new Error('not-allowed'));
}
hashAndSetPassword(callback);
});
} else {
User.getUserField(uid, 'password', function(err, currentPassword) { User.getUserField(uid, 'password', function(err, currentPassword) {
bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
if(err) { if(err) {
return callback(err); return callback(err);
} }
if (res) { bcrypt.compare(data.currentPassword, currentPassword, function(err, res) {
User.hashPassword(data.newPassword, function(err, hash) { if (err || !res) {
User.setUserField(uid, 'password', hash); return callback(err || new Error('Your current password is not correct!'));
events.logPasswordChange(uid);
callback(null);
});
} else {
callback(new Error('Your current password is not correct!'));
} }
hashAndSetPassword(callback);
}); });
}); });
}
}; };
User.setUserField = function(uid, field, value, callback) { User.setUserField = function(uid, field, value, callback) {
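Review bot: The same-user decision in `User.changePassword` is made on `parseInt(data.uid, 10)`, but `hashAndSetPassword` then writes and logs with the raw `data.uid`, so the value that was authorised and the value that is used can differ (a string with trailing non-digits parses equal to `uid` yet reaches `User.setUserField` unchanged). Normalise once at the top, e.g. `var targetUid = parseInt(data.uid, 10); if (isNaN(targetUid)) { return callback(new Error('invalid-uid')); }`, and use `targetUid` for the comparison, the write and the event log. In the admin branch nothing visible here confirms that the target uid belongs to an existing account before the field is set, and the administrator is not asked to re-enter their own password, so an existence check and a re-authentication step for this action are worth considering. `User.setUserField` and `User.isAdministrator` are defined outside the hunk, so how they treat unknown uids cannot be seen from here.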
