Changing password should confirm the old password

binwiederhier 2023-01-21 20:52:16 -05:00
parent c66a9851cc
commit 88abd8872d
9 changed files with 78 additions and 39 deletions

@ -136,11 +136,16 @@ func (s *Server) handleAccountDelete(w http.ResponseWriter, _ *http.Request, v *
}
func (s *Server) handleAccountPasswordChange(w http.ResponseWriter, r *http.Request, v *visitor) error {
newPassword, err := readJSONWithLimit[apiAccountPasswordChangeRequest](r.Body, jsonBodyBytesLimit)
req, err := readJSONWithLimit[apiAccountPasswordChangeRequest](r.Body, jsonBodyBytesLimit)
if err != nil {
return err
} else if req.Password == "" || req.NewPassword == "" {
return errHTTPBadRequest
}
if err := s.userManager.ChangePassword(v.user.Name, newPassword.Password); err != nil {
if _, err := s.userManager.Authenticate(v.user.Name, req.Password); err != nil {
return errHTTPBadRequestCurrentPasswordWrong
}
if err := s.userManager.ChangePassword(v.user.Name, req.NewPassword); err != nil {
return err
}
return s.writeJSON(w, newSuccessResponse())
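Review bot: The new check `if _, err := s.userManager.Authenticate(v.user.Name, req.Password); err != nil` maps every error to `errHTTPBadRequestCurrentPasswordWrong`, so a storage or backend failure inside `Authenticate` would be reported to the client as a wrong password instead of surfacing as a server error. If the user manager exposes a distinct wrong-credentials error, return the 400 only for that case and `return err` for anything else. The check also gives the holder of a valid session or token a place to guess the current password; nothing in this hunk shows failed attempts being counted or logged the way failed logins are, so confirm this endpoint falls under the same limiter. A short comment above the check would record the intent, e.g. `// Require the current password so a stolen session or token alone cannot set a new one`.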