2024-10-30 18:59:44 +01:00
|
|
|
/*\
|
|
|
|
|
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/change-password.js
|
|
|
|
|
type: application/javascript
|
|
|
|
|
module-type: mws-route
|
|
|
|
|
|
|
|
|
|
POST /change-user-password
|
|
|
|
|
|
|
|
|
|
\*/
|
|
|
|
|
(function () {
|
|
|
|
|
|
|
|
|
|
/*jslint node: true, browser: true */
|
|
|
|
|
/*global $tw: false */
|
|
|
|
|
"use strict";
|
|
|
|
|
var authenticator = require("$:/plugins/tiddlywiki/multiwikiserver/auth/authentication.js").Authenticator;
|
|
|
|
|
|
|
|
|
|
exports.method = "POST";
|
|
|
|
|
|
|
|
|
|
exports.path = /^\/change-user-password\/?$/;
|
|
|
|
|
|
|
|
|
|
exports.bodyFormat = "www-form-urlencoded";
|
|
|
|
|
|
|
|
|
|
exports.csrfDisable = true;
|
|
|
|
|
|
|
|
|
|
exports.handler = function (request, response, state) {
|
2024-11-08 11:09:42 +01:00
|
|
|
var userId = state.data.userId;
|
|
|
|
|
// Clean up any existing error/success messages
|
|
|
|
|
$tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/change-password/" + userId + "/error");
|
|
|
|
|
$tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/change-password/" + userId + "/success");
|
|
|
|
|
$tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/login/error");
|
|
|
|
|
|
2024-10-30 18:59:44 +01:00
|
|
|
if(!state.authenticatedUser) {
|
2024-11-08 11:09:42 +01:00
|
|
|
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
|
|
|
|
|
title: "$:/temp/mws/login/error",
|
|
|
|
|
text: "You must be logged in to change passwords"
|
|
|
|
|
}));
|
|
|
|
|
response.writeHead(302, { "Location": "/login" });
|
|
|
|
|
response.end();
|
2024-10-30 18:59:44 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2024-11-08 11:09:42 +01:00
|
|
|
var auth = authenticator(state.server.sqlTiddlerDatabase);
|
2024-10-30 18:59:44 +01:00
|
|
|
var newPassword = state.data.newPassword;
|
|
|
|
|
var confirmPassword = state.data.confirmPassword;
|
2024-10-30 19:38:21 +01:00
|
|
|
var currentUserId = state.authenticatedUser.user_id;
|
|
|
|
|
|
2024-11-08 11:09:42 +01:00
|
|
|
var hasPermission = ($tw.utils.parseInt(userId) === currentUserId) || state.authenticatedUser.isAdmin;
|
2024-10-30 19:38:21 +01:00
|
|
|
|
|
|
|
|
if(!hasPermission) {
|
2024-11-08 11:09:42 +01:00
|
|
|
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
|
|
|
|
|
title: "$:/temp/mws/change-password/" + userId + "/error",
|
|
|
|
|
text: "You don't have permission to change this user's password"
|
|
|
|
|
}));
|
|
|
|
|
response.writeHead(302, { "Location": "/admin/users/" + userId });
|
|
|
|
|
response.end();
|
2024-10-30 19:38:21 +01:00
|
|
|
return;
|
|
|
|
|
}
|
2024-10-30 18:59:44 +01:00
|
|
|
|
|
|
|
|
if(newPassword !== confirmPassword) {
|
2024-11-08 11:09:42 +01:00
|
|
|
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
|
|
|
|
|
title: "$:/temp/mws/change-password/" + userId + "/error",
|
|
|
|
|
text: "New passwords do not match"
|
|
|
|
|
}));
|
2024-10-30 18:59:44 +01:00
|
|
|
response.writeHead(302, { "Location": "/admin/users/" + userId });
|
|
|
|
|
response.end();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var userData = state.server.sqlTiddlerDatabase.getUser(userId);
|
|
|
|
|
|
|
|
|
|
if(!userData) {
|
2024-11-08 11:09:42 +01:00
|
|
|
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
|
|
|
|
|
title: "$:/temp/mws/change-password/" + userId + "/error",
|
|
|
|
|
text: "User not found"
|
|
|
|
|
}));
|
2024-10-30 18:59:44 +01:00
|
|
|
response.writeHead(302, { "Location": "/admin/users/" + userId });
|
|
|
|
|
response.end();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var newHash = auth.hashPassword(newPassword);
|
|
|
|
|
var result = state.server.sqlTiddlerDatabase.updateUserPassword(userId, newHash);
|
|
|
|
|
|
2024-11-08 11:09:42 +01:00
|
|
|
$tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
|
|
|
|
|
title: "$:/temp/mws/change-password/" + userId + "/success",
|
|
|
|
|
text: result.message
|
|
|
|
|
}));
|
2024-10-30 18:59:44 +01:00
|
|
|
response.writeHead(302, { "Location": "/admin/users/" + userId });
|
|
|
|
|
response.end();
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}());
|
