jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Explicitly verifyWithUsername() and offer a verify() userId based

Browse Source
This commit is contained in:
Johannes Zellner
2016-04-05 16:27:04 +02:00
parent baf586b028
commit b205212bf2
4 changed files with 78 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/routes/user.js
View File

@@ -196,7 +196,7 @@ function verifyPassword(req, res, next) {
// Only allow admins or users, operating on themselves
if (req.params.userId && !(req.user.id === req.params.userId || isAdmin)) return next(new HttpError(403, 'Not allowed'));
user.verify(req.user.username, req.body.password, function (error) {
user.verifyWithUsername(req.user.username, req.body.password, function (error) {
if (error && error.reason === UserError.WRONG_PASSWORD) return next(new HttpError(403, 'Password incorrect'));
if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(403, 'Password incorrect'));
if (error) return next(new HttpError(500, error));