|
|
@@ -26,7 +26,7 @@ class ChangePassword extends API {
|
|
|
async onRequest(req, res) {
|
|
|
let { uuid, session, oldpassword, password } = req.body;
|
|
|
|
|
|
- if ([uuid, session, oldpassword, password].some(value => value === '' || value === null || value === undefined)) {
|
|
|
+ if ([uuid, session, password].some(value => value === '' || value === null || value === undefined)) {
|
|
|
return res.json({
|
|
|
...BaseStdResponse.MISSING_PARAMETER,
|
|
|
endpoint: 1513126
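Review bot: With `oldpassword` dropped from the required list in the `some(...)` check, `session` is the only credential this handler still insists on, and nothing in the visible lines shows it being validated or tied to `uuid`. If that verification happens later in `onRequest` (the body continues outside the hunk), document it with a comment above the `if`, for example `// session is verified against uuid below; oldpassword is optional only for accounts with no password set`. The check also accepts any non-empty value of any type, so a `typeof password !== 'string'` guard before the `atob` call would keep objects or arrays from being coerced.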
|
|
|
@@ -41,7 +41,6 @@ class ChangePassword extends API {
|
|
|
});
|
|
|
}
|
|
|
|
|
|
- oldpassword = atob(oldpassword);
|
|
|
password = atob(password);
|
|
|
|
|
|
if (!this.CheckPassword(password))
|
|
|
@@ -50,18 +49,23 @@ class ChangePassword extends API {
|
|
|
msg: '密码需在8到16位之间,且包含字母和数字'
|
|
|
})
|
|
|
|
|
|
- let sql = 'SELECT email, password FROM users WHERE uuid = ?';
|
|
|
- let rows = await db.query(sql, [uuid]);
|
|
|
- if(!rows || rows.length === 0)
|
|
|
- return res.json({
|
|
|
- ...BaseStdResponse.DATABASE_ERR
|
|
|
- })
|
|
|
+ if (oldpassword) {
|
|
|
+ oldpassword = atob(oldpassword);
|
|
|
|
|
|
- if (oldpassword !== '' && !bcryptjs.compareSync(oldpassword, rows[0].password))
|
|
|
- return res.json({
|
|
|
- ...BaseStdResponse.ERR,
|
|
|
- msg: '密码错误!'
|
|
|
- })
|
|
|
+ let sql = 'SELECT email, password FROM users WHERE uuid = ? AND password IS NULL';
|
|
|
+ let rows = await db.query(sql, [uuid]);
|
|
|
+ if (!rows || rows.length === 0)
|
|
|
+ return res.json({
|
|
|
+ ...BaseStdResponse.ERR,
|
|
|
+ msg: '暂时无法重设密码,请联系客服'
|
|
|
+ })
|
|
|
+
|
|
|
+ if (oldpassword !== '' && !bcryptjs.compareSync(oldpassword, rows[0].password))
|
|
|
+ return res.json({
|
|
|
+ ...BaseStdResponse.ERR,
|
|
|
+ msg: '密码错误!'
|
|
|
+ })
|
|
|
+ }
|
|
|
|
|
|
const hashPassword = bcryptjs.hashSync(password, 10);
|
|
|
sql = 'UPDATE users SET password = ? WHERE uuid = ?';
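Review bot: The `if (oldpassword) { ... }` block makes the current-password check opt-in: a request that omits `oldpassword` goes straight to `hashSync` and the `UPDATE` without the stored hash ever being read. Inside the block the query now filters on `password IS NULL`, so any row it returns has a null `rows[0].password` and `bcryptjs.compareSync` is handed a null hash, while accounts that do have a password get the '暂时无法重设密码' error. That looks inverted relative to the likely intent (presumably letting accounts with no password set a first one); the decision should come from the stored value, not from whether the client sent the field. The inner `oldpassword !== ''` test also lets a value that decodes to an empty string skip the comparison. A version driven by the stored hash is sketched below; `onRequest` continues past the hunk.

```javascript
let sql = 'SELECT email, password FROM users WHERE uuid = ?';
let rows = await db.query(sql, [uuid]);
if (!rows || rows.length === 0)
    return res.json({
        ...BaseStdResponse.ERR,
        msg: '暂时无法重设密码,请联系客服'
    })

const storedHash = rows[0].password;
if (storedHash != null) {
    // The account already has a password, so the current one is mandatory.
    if (typeof oldpassword !== 'string' || oldpassword === ''
        || !bcryptjs.compareSync(atob(oldpassword), storedHash))
        return res.json({
            ...BaseStdResponse.ERR,
            msg: '密码错误!'
        })
}
// … unchanged: hashSync and the UPDATE statement …
```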
|