
feat: require different passwords on update (#1163)
When the user updates their password, the new and old passwords must be
different. When an admin does it, this is not checked.
hf authored Jul 4, 2023
1 parent 963df37 commit 154dd91
Showing 1 changed file with 10 additions and 4 deletions.
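--- a/internal/api/user.go
+++ b/internal/api/user.go
@@ -29,14 +29,14 @@ type UserUpdateParams struct {
 CodeChallengeMethod string `json:"code_challenge_method"`
 }
 
-func (p *UserUpdateParams) Validate(conn *storage.Connection, user *models.User, aud string, config *conf.GlobalConfiguration) error {
+func (p *UserUpdateParams) Validate(tx *storage.Connection, user *models.User, aud string, config *conf.GlobalConfiguration) error {
 var err error
 if p.Email != "" && p.Email != user.GetEmail() {
 p.Email, err = validateEmail(p.Email)
 if err != nil {
 return err
 }
-if duplicateUser, err := models.IsDuplicatedEmail(conn, p.Email, aud, user); err != nil {
+if duplicateUser, err := models.IsDuplicatedEmail(tx, p.Email, aud, user); err != nil {
 return internalServerError("Database error checking email").WithInternalError(err)
 } else if duplicateUser != nil {
 return unprocessableEntityError(DuplicateEmailMsg)
@@ -53,7 +53,7 @@ func (p *UserUpdateParams) Validate(conn *storage.Connection, user *models.User,
 if p.Phone, err = validatePhone(p.Phone); err != nil {
 return err
 }
-if exists, err := models.IsDuplicatedPhone(conn, p.Phone, aud); err != nil {
+if exists, err := models.IsDuplicatedPhone(tx, p.Phone, aud); err != nil {
 return internalServerError("Database error checking phone").WithInternalError(err)
 } else if exists {
 return unprocessableEntityError(DuplicatePhoneMsg)
@@ -66,9 +66,15 @@ func (p *UserUpdateParams) Validate(conn *storage.Connection, user *models.User,
 }
 }
 if p.Password != nil {
-if len(*p.Password) < config.PasswordMinLength {
+password := *p.Password
+
+if len(password) < config.PasswordMinLength {
 return invalidPasswordLengthError(config.PasswordMinLength)
 }
+
+if user.EncryptedPassword != "" && user.Authenticate(password) {
+return unprocessableEntityError("New password should be different from the old password.")
+}
 }
 if p.AppData != nil {
 if !isAdmin(user, config) {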
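Review bot: The `user.Authenticate(password)` comparison added in the last hunk, in front of the "New password should be different from the old password." error, lets any caller holding a valid session learn whether a candidate string equals the current password, because the response now differs from the ordinary update path; with a stolen access token and no attempt limiting on this endpoint that is a guessing oracle against the stored hash. Consider subjecting this check to the same abuse limiting the sign-in path presumably has, or requiring the current password alongside the new one, and state the intent in a comment such as `// Reject a no-op change; this compares the candidate against the stored hash, so this path needs the same attempt limits as sign-in.`. The commit description says admin updates skip this check, but nothing in the hunk distinguishes admin callers — presumably the admin handler uses a different params type, and a one-line comment confirming that would help the next reader. Validate begins and ends outside the hunk.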

