make user enter current password when modifying password

2020-10-31 21:39:43 +08:00
parent 91162a140a
commit 40f86e4ce6
6 changed files with 76 additions and 8 deletions
@@ -131,8 +131,16 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (interface{}, *errs
 		userUpdateReq.Email = ""
 	}

-	if userUpdateReq.Password != "" && !a.users.IsPasswordEqualsUserPassword(userUpdateReq.Password, user) {
-		anythingUpdate = true
+	if userUpdateReq.Password != "" {
+		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
+			return nil, errs.ErrUserPasswordWrong
+		}
+
+		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.Password, user) {
+			anythingUpdate = true
+		} else {
+			userUpdateReq.Password = ""
+		}
 	} else {
 		userUpdateReq.Password = ""
 	}