|
@@ -24,60 +24,68 @@ class ChangePassword extends API {
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
async onRequest(req, res) {
|
|
async onRequest(req, res) {
|
|
|
- let { uuid, session, oldpassword, password } = req.body;
|
|
|
|
|
|
|
+ try {
|
|
|
|
|
+ let { uuid, session, oldpassword, password } = req.body;
|
|
|
|
|
|
|
|
- if ([uuid, session, password].some(value => value === '' || value === null || value === undefined)) {
|
|
|
|
|
- return res.json({
|
|
|
|
|
- ...BaseStdResponse.MISSING_PARAMETER,
|
|
|
|
|
- endpoint: 1513126
|
|
|
|
|
- });
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- // 检查 session 是否有效
|
|
|
|
|
- if (!await AccessControl.checkSession(uuid, session)) {
|
|
|
|
|
- return res.status(401).json({
|
|
|
|
|
- ...BaseStdResponse.ACCESS_DENIED,
|
|
|
|
|
- endpoint: 48153145
|
|
|
|
|
- });
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
- password = atob(password);
|
|
|
|
|
-
|
|
|
|
|
- if (!this.CheckPassword(password))
|
|
|
|
|
- return res.json({
|
|
|
|
|
- ...BaseStdResponse.ERR,
|
|
|
|
|
- msg: '密码需在8到16位之间,且包含字母和数字'
|
|
|
|
|
- })
|
|
|
|
|
-
|
|
|
|
|
- if (oldpassword) {
|
|
|
|
|
- oldpassword = atob(oldpassword);
|
|
|
|
|
-
|
|
|
|
|
- let sql = 'SELECT email, password FROM users WHERE uuid = ? AND password IS NULL';
|
|
|
|
|
- let rows = await db.query(sql, [uuid]);
|
|
|
|
|
- if (!rows || rows.length === 0)
|
|
|
|
|
|
|
+ if ([uuid, session, password].some(value => value === '' || value === null || value === undefined)) {
|
|
|
return res.json({
|
|
return res.json({
|
|
|
- ...BaseStdResponse.ERR,
|
|
|
|
|
- msg: '暂时无法重设密码,请联系客服'
|
|
|
|
|
- })
|
|
|
|
|
-
|
|
|
|
|
- if (oldpassword !== '' && !bcryptjs.compareSync(oldpassword, rows[0].password))
|
|
|
|
|
|
|
+ ...BaseStdResponse.MISSING_PARAMETER,
|
|
|
|
|
+ endpoint: 1513126
|
|
|
|
|
+ });
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ // 检查 session 是否有效
|
|
|
|
|
+ if (!await AccessControl.checkSession(uuid, session)) {
|
|
|
|
|
+ return res.status(401).json({
|
|
|
|
|
+ ...BaseStdResponse.ACCESS_DENIED,
|
|
|
|
|
+ endpoint: 48153145
|
|
|
|
|
+ });
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ password = atob(password);
|
|
|
|
|
+
|
|
|
|
|
+ if (!this.CheckPassword(password))
|
|
|
return res.json({
|
|
return res.json({
|
|
|
...BaseStdResponse.ERR,
|
|
...BaseStdResponse.ERR,
|
|
|
- msg: '密码错误!'
|
|
|
|
|
|
|
+ msg: '密码需在8到16位之间,且包含字母和数字'
|
|
|
})
|
|
})
|
|
|
- }
|
|
|
|
|
|
|
|
|
|
- const hashPassword = bcryptjs.hashSync(password, 10);
|
|
|
|
|
- let sql = 'UPDATE users SET password = ? WHERE uuid = ?';
|
|
|
|
|
- let result = await db.query(sql, [hashPassword, uuid]);
|
|
|
|
|
-
|
|
|
|
|
- if (result && result.affectedRows > 0) {
|
|
|
|
|
- res.json({
|
|
|
|
|
- ...BaseStdResponse.OK
|
|
|
|
|
- });
|
|
|
|
|
- } else {
|
|
|
|
|
- res.json({ ...BaseStdResponse.ERR, endpoint: 7894378, msg: '操作失败!' });
|
|
|
|
|
|
|
+ if (oldpassword && oldpassword !== '') {
|
|
|
|
|
+ oldpassword = atob(oldpassword);
|
|
|
|
|
+
|
|
|
|
|
+ let sql = 'SELECT email, password FROM users WHERE uuid = ? AND password IS NULL';
|
|
|
|
|
+ let rows = await db.query(sql, [uuid]);
|
|
|
|
|
+ if (!rows || rows.length === 0)
|
|
|
|
|
+ return res.json({
|
|
|
|
|
+ ...BaseStdResponse.ERR,
|
|
|
|
|
+ msg: '暂时无法重设密码,请联系客服'
|
|
|
|
|
+ })
|
|
|
|
|
+
|
|
|
|
|
+ if (oldpassword !== '' && !bcryptjs.compareSync(oldpassword, rows[0].password))
|
|
|
|
|
+ return res.json({
|
|
|
|
|
+ ...BaseStdResponse.ERR,
|
|
|
|
|
+ msg: '密码错误!'
|
|
|
|
|
+ })
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ const hashPassword = bcryptjs.hashSync(password, 10);
|
|
|
|
|
+ let sql = 'UPDATE users SET password = ? WHERE uuid = ?';
|
|
|
|
|
+ let result = await db.query(sql, [hashPassword, uuid]);
|
|
|
|
|
+
|
|
|
|
|
+ if (result && result.affectedRows > 0) {
|
|
|
|
|
+ res.json({
|
|
|
|
|
+ ...BaseStdResponse.OK
|
|
|
|
|
+ });
|
|
|
|
|
+ } else {
|
|
|
|
|
+ res.json({ ...BaseStdResponse.ERR, endpoint: 7894378, msg: '操作失败!' });
|
|
|
|
|
+ }
|
|
|
|
|
+ } catch (error) {
|
|
|
|
|
+ return res.json({
|
|
|
|
|
+ ...BaseStdResponse.ERR,
|
|
|
|
|
+ msg: '密码更新失败,请联系客服'
|
|
|
|
|
+ })
|
|
|
}
|
|
}
|
|
|
|
|
+
|
|
|
}
|
|
}
|
|
|
}
|
|
}
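Review bot: The current-password check in the `if (oldpassword && oldpassword !== '')` branch is still opt-in for the client: a request that omits `oldpassword` goes straight to the `UPDATE`, so a valid session alone is enough to replace the password. Inside that branch the lookup filters on `password IS NULL` and then passes `rows[0].password` to `bcryptjs.compareSync`, which looks contradictory: an account that has a hash never matches the query, and one that matches has nothing to compare against. The intent (possibly first-time password setup) is not visible here. I would load the row by `uuid` only and require a matching `oldpassword` whenever a hash is stored, as sketched below. The new `catch (error)` also drops `error` without logging it, so failures on this endpoint leave no server-side trace; a log line that excludes the request body would help.

```javascript
// … unchanged: parameter check, session check, atob(password), CheckPassword …
let rows = await db.query('SELECT password FROM users WHERE uuid = ?', [uuid]);
if (!rows || rows.length === 0)
    return res.json({
        ...BaseStdResponse.ERR,
        msg: '暂时无法重设密码,请联系客服'
    })

// An account that already has a password must prove knowledge of it;
// only an account with no stored hash may set one without oldpassword.
const storedHash = rows[0].password;
if (storedHash) {
    if (!oldpassword || !bcryptjs.compareSync(atob(oldpassword), storedHash))
        return res.json({
            ...BaseStdResponse.ERR,
            msg: '密码错误!'
        })
}
// … unchanged: hashSync, UPDATE users SET password, OK / ERR response …
```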
|
|
|
|
|
|