[mod] password change: Anpassungen
parent
0ed5457e3e
commit
d0d28cb445
2 changed files with 98 additions and 43 deletions
|
@ -13,7 +13,12 @@ namespace _espe.api
|
||||||
token : string;
|
token : string;
|
||||||
password_new : string;
|
password_new : string;
|
||||||
},
|
},
|
||||||
null
|
Array<
|
||||||
|
{
|
||||||
|
incident : string;
|
||||||
|
details : Record<string, any>;
|
||||||
|
}
|
||||||
|
>
|
||||||
>(
|
>(
|
||||||
rest_subject,
|
rest_subject,
|
||||||
lib_plankton.http.enum_method.patch,
|
lib_plankton.http.enum_method.patch,
|
||||||
|
@ -41,20 +46,53 @@ namespace _espe.api
|
||||||
]
|
]
|
||||||
}),
|
}),
|
||||||
"output_schema": () => ({
|
"output_schema": () => ({
|
||||||
|
"nullable": false,
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"nullable": false,
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"incident": {
|
||||||
|
"nullable": false,
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"details": {
|
||||||
|
"nullable": false,
|
||||||
|
"type": "object",
|
||||||
|
"properties": {},
|
||||||
|
"additionalProperties": {
|
||||||
"nullable": true
|
"nullable": true
|
||||||
|
},
|
||||||
|
"required": []
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"additionalProperties": false,
|
||||||
|
"required": [
|
||||||
|
"incident",
|
||||||
|
"details",
|
||||||
|
]
|
||||||
|
}
|
||||||
}),
|
}),
|
||||||
"restriction": restriction_none,
|
"restriction": restriction_none,
|
||||||
"execution": async ({"path_parameters": path_parameters, "input": input}) => {
|
"execution": ({"path_parameters": path_parameters, "input": input}) => {
|
||||||
const member_id : _espe.type.member_id = parseInt(path_parameters["id"]);
|
const member_id : _espe.type.member_id = parseInt(path_parameters["id"]);
|
||||||
await _espe.service.member.password_change_execute(
|
return (
|
||||||
|
_espe.service.member.password_change_execute(
|
||||||
member_id,
|
member_id,
|
||||||
input.token,
|
input.token,
|
||||||
input.password_new
|
input.password_new
|
||||||
|
)
|
||||||
|
.then(
|
||||||
|
flaws => Promise.resolve({
|
||||||
|
"status_code": (
|
||||||
|
(flaws.length <= 0)
|
||||||
|
? 200
|
||||||
|
: 409
|
||||||
|
),
|
||||||
|
"data": flaws
|
||||||
|
})
|
||||||
|
)
|
||||||
);
|
);
|
||||||
return Promise.resolve({
|
|
||||||
"status_code": 200,
|
|
||||||
"data": null
|
|
||||||
});
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
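Review bot: The promise returned by the new `execution` body has no rejection path, so a rejection inside `password_change_execute` would produce a different response than the 409 `token_invalid` result. One such case could be `_espe.repository.member.read(member_id)`, which runs before the token check, rejecting for an id that does not exist; that difference may let a caller tell existing member ids from unknown ones. Whether the read rejects for a missing id is not visible here; if it does, map that case to the same `token_invalid` flaw so both answers look alike. `parseInt(path_parameters["id"])` (unchanged context) has no radix or `NaN` check; `parseInt(path_parameters["id"], 10)` with an early rejection of `NaN` would keep malformed ids away from the repository. The `Promise.resolve(...)` inside `.then` is redundant, and `details : Record<string, any>` could be `Record<string, unknown>`; the surrounding registration call starts outside the hunk.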
|
@ -573,7 +573,8 @@ namespace _espe.service.member
|
||||||
};
|
};
|
||||||
await _espe.repository.member.update(member_id, member_object_new);
|
await _espe.repository.member.update(member_id, member_object_new);
|
||||||
// notify_change();
|
// notify_change();
|
||||||
await _espe.helpers.email_send(
|
// do NOT wait in order to reduce information for potential attackers
|
||||||
|
/*await*/ _espe.helpers.email_send(
|
||||||
[
|
[
|
||||||
member_object_old.email_address_private,
|
member_object_old.email_address_private,
|
||||||
],
|
],
|
||||||
|
@ -581,7 +582,7 @@ namespace _espe.service.member
|
||||||
lib_plankton.string.coin(
|
lib_plankton.string.coin(
|
||||||
_espe.conf.get().settings.password_change.initialization_email.body,
|
_espe.conf.get().settings.password_change.initialization_email.body,
|
||||||
{
|
{
|
||||||
"name": member_object_old.name_real_value,
|
"name": name_display(member_object_old),
|
||||||
"url": lib_plankton.string.coin(
|
"url": lib_plankton.string.coin(
|
||||||
"{{base}}{{rest}}",
|
"{{base}}{{rest}}",
|
||||||
{
|
{
|
||||||
|
@ -614,10 +615,15 @@ namespace _espe.service.member
|
||||||
member_id : _espe.type.member_id,
|
member_id : _espe.type.member_id,
|
||||||
token : string,
|
token : string,
|
||||||
password_new : string
|
password_new : string
|
||||||
) : Promise<void>
|
) : Promise<Array<{incident : string; details : Record<string, any>;}>>
|
||||||
{
|
{
|
||||||
const member_object_old : _espe.type.member_object = await _espe.repository.member.read(member_id);
|
const member_object_old : _espe.type.member_object = await _espe.repository.member.read(member_id);
|
||||||
if (! (token === member_object_old.password_change_token)) {
|
let flaws : Array<{incident : string; details : Record<string, any>;}> = [];
|
||||||
|
if (
|
||||||
|
(member_object_old.password_change_token === null)
|
||||||
|
||
|
||||||
|
(! (token === member_object_old.password_change_token))
|
||||||
|
) {
|
||||||
lib_plankton.log.notice(
|
lib_plankton.log.notice(
|
||||||
"member_password_change_token_invalid",
|
"member_password_change_token_invalid",
|
||||||
{
|
{
|
||||||
|
@ -625,7 +631,15 @@ namespace _espe.service.member
|
||||||
"token_sent": token,
|
"token_sent": token,
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
throw (new Error("password change token is invalid"));
|
flaws.push({"incident": "token_invalid", "details": {}});
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
flaws = flaws.concat(
|
||||||
|
validate_password(password_new)
|
||||||
|
.map(flaw => ({"incident": ("password_" + flaw.incident), "details": flaw.details}))
|
||||||
|
);
|
||||||
|
if (flaws.length > 0) {
|
||||||
|
// do nothing
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
const member_object_new : _espe.type.member_object = {
|
const member_object_new : _espe.type.member_object = {
|
||||||
|
@ -653,11 +667,14 @@ namespace _espe.service.member
|
||||||
lib_plankton.string.coin(
|
lib_plankton.string.coin(
|
||||||
_espe.conf.get().settings.password_change.execution_email.body,
|
_espe.conf.get().settings.password_change.execution_email.body,
|
||||||
{
|
{
|
||||||
|
"name": name_display(member_object_old),
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return flaws;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
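Review bot: The un-awaited `/*await*/ _espe.helpers.email_send(` call in the hunk at -573 is now a floating promise with no rejection handler, so a failed mail delivery is neither logged nor reported, and if this runs on a Node.js version where unhandled rejections are fatal it could terminate the process. Keeping the send non-blocking fits the timing goal stated in the comment, but attach a handler after the call's closing parenthesis, e.g. `.catch(error => lib_plankton.log.notice("<log-id-placeholder>", {"error": String(error)}))`. The preceding `await _espe.repository.member.update(...)` is still awaited, so if it only runs for existing members a response-time difference probably remains; the enclosing function starts and ends outside the hunk, so this cannot be confirmed here. Separately, `password_change_execute` compares the token with `===`; a constant-time comparison is the usual choice for secret tokens, and the `"token_sent": token` log field is worth a second look so that near-miss tokens do not end up in logs.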