Commit b72ae4e9 authored by nanahira's avatar nanahira

whitelist profile change

parent 152fd2ec
...@@ -56,15 +56,10 @@ export const UpdateProfiles = async (ctx: Context) => { ...@@ -56,15 +56,10 @@ export const UpdateProfiles = async (ctx: Context) => {
ctx.throw(400); ctx.throw(400);
} }
const targetUser = ctx.request.body; const targetUser = {
name: ctx.request.body.name,
if (targetUser.username && process.env.NO_CHANGE_USERNAME) { avatar: ctx.request.body.avatar,
ctx.throw("Changing username is currently not allowed.", 400); };
}
if (user.id != targetUser.id || targetUser.admin != null || targetUser.active != null || targetUser.registration_ip_address || targetUser.ip_address) {
ctx.throw("Cannot change sensitive data.", 400);
}
const userRep = getEntityManager().getRepository(User); const userRep = getEntityManager().getRepository(User);
...@@ -99,6 +94,10 @@ export const UpdateAccount = async (ctx: Context) => { ...@@ -99,6 +94,10 @@ export const UpdateAccount = async (ctx: Context) => {
user_id: ctx.request.body.user_id user_id: ctx.request.body.user_id
}; };
if (u.username && process.env.NO_CHANGE_USERNAME) {
ctx.throw("Changing username is currently not allowed.", 400);
}
if (!u.user_id || !u.password) { if (!u.user_id || !u.password) {
ctx.throw(400); ctx.throw(400);
} }
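Review bot: In UpdateProfiles the new `targetUser` literal copies `ctx.request.body.name` and `ctx.request.body.avatar` without checking their type, so if the body parser accepts JSON either field can still arrive as an object or array, and an omitted field arrives as `undefined`. A guard before the repository call, for example `if (typeof targetUser.name !== "string" || typeof targetUser.avatar !== "string") ctx.throw(400);` (relaxed if partial updates are intended), would keep the allowlist from passing unexpected shapes on to the repository. Dropping the old `user.id != targetUser.id` check also means the write that follows the hunk has to be keyed on the authenticated `user.id`; that code is outside the visible lines, so it is worth confirming. In UpdateAccount, `process.env.NO_CHANGE_USERNAME` is a string, so any non-empty value, including `"false"` or `"0"`, enables the block; a comment such as `// any non-empty value disables username changes` would make that explicit.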