jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

profile: unify password verification check

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-01-22 13:53:40 +01:00
parent 3220721f84
commit d7dda61775
4 changed files with 7 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/server.js
View File

@@ -160,9 +160,9 @@ async function initializeExpressSync() {
// working off the user behind the provided token
router.get ('/api/v1/profile', token, authorizeUser, routes.profile.get);
router.post('/api/v1/profile/display_name', json, token, authorizeUser, routes.profile.authorize, routes.profile.setDisplayName);
router.post('/api/v1/profile/email', json, token, authorizeUser, routes.profile.authorize, routes.profile.setEmail);
router.post('/api/v1/profile/fallback_email', json, token, authorizeUser, routes.profile.authorize, routes.profile.setFallbackEmail);
router.post('/api/v1/profile/display_name', json, token, authorizeUser, routes.profile.canEditProfile, routes.profile.setDisplayName);
router.post('/api/v1/profile/email', json, token, authorizeUser, routes.profile.canEditProfile, routes.users.verifyPassword, routes.profile.setEmail);
router.post('/api/v1/profile/fallback_email', json, token, authorizeUser, routes.profile.canEditProfile, routes.users.verifyPassword, routes.profile.setFallbackEmail);
router.get ('/api/v1/profile/avatar/:identifier', routes.profile.getAvatar); // this is not scoped so it can used directly in img tag
router.post('/api/v1/profile/avatar', json, token, authorizeUser, (req, res, next) => { return typeof req.body.avatar === 'string' ? next() : multipart(req, res, next); }, routes.profile.setAvatar); // avatar is not exposed in LDAP. so it's personal and not locked
router.get ('/api/v1/profile/background_image', token, authorizeUser, routes.profile.getBackgroundImage);