1
0
Эх сурвалжийг харах

Patched some security issues.

KrisVos130 8 жил өмнө
parent
commit
e2cdc4b9ee

+ 12 - 0
backend/logic/actions/users.js

@@ -386,6 +386,12 @@ module.exports = {
 	updateUsername: hooks.loginRequired((session, updatingUserId, newUsername, cb, userId) => {
 	updateUsername: hooks.loginRequired((session, updatingUserId, newUsername, cb, userId) => {
 		async.waterfall([
 		async.waterfall([
 			(next) => {
 			(next) => {
+				if (updatingUserId === userId) return next(null, true);
+				db.models.user.findOne({_id: userId}, next);
+			},
+
+			(user, next) => {
+				if (user !== true && (!user || user.role !== 'admin')) return next('Invalid permissions.');
 				db.models.user.findOne({ _id: updatingUserId }, next);
 				db.models.user.findOne({ _id: updatingUserId }, next);
 			},
 			},
 
 
@@ -438,6 +444,12 @@ module.exports = {
 		let verificationToken = utils.generateRandomString(64);
 		let verificationToken = utils.generateRandomString(64);
 		async.waterfall([
 		async.waterfall([
 			(next) => {
 			(next) => {
+				if (updatingUserId === userId) return next(null, true);
+				db.models.user.findOne({_id: userId}, next);
+			},
+
+			(user, next) => {
+				if (user !== true && (!user || user.role !== 'admin')) return next('Invalid permissions.');
 				db.models.user.findOne({ _id: updatingUserId }, next);
 				db.models.user.findOne({ _id: updatingUserId }, next);
 			},
 			},
 
 

+ 0 - 1
backend/logic/app.js

@@ -150,7 +150,6 @@ const lib = {
 				(httpResponse, body2, next) => {
 				(httpResponse, body2, next) => {
 					body2 = JSON.parse(body2);
 					body2 = JSON.parse(body2);
 					if (!Array.isArray(body2)) return next(body2.message);
 					if (!Array.isArray(body2)) return next(body2.message);
-					let address;
 					body2.forEach(email => {
 					body2.forEach(email => {
 						if (email.primary) address = email.email.toLowerCase();
 						if (email.primary) address = email.email.toLowerCase();
 					});
 					});

+ 2 - 2
frontend/components/User/Settings.vue

@@ -124,7 +124,7 @@
 		methods: {
 		methods: {
 			changeEmail: function () {
 			changeEmail: function () {
 				if (!this.user.email.address) return Toast.methods.addToast('Email cannot be empty', 8000);
 				if (!this.user.email.address) return Toast.methods.addToast('Email cannot be empty', 8000);
-				this.socket.emit('users.updateEmail', this.user.email.address, res => {
+				this.socket.emit('users.updateEmail', this.$parent.userId, this.user.email.address, res => {
 					if (res.status !== 'success') Toast.methods.addToast(res.message, 8000);
 					if (res.status !== 'success') Toast.methods.addToast(res.message, 8000);
 					else Toast.methods.addToast('Successfully changed email address', 4000);
 					else Toast.methods.addToast('Successfully changed email address', 4000);
 				});
 				});
@@ -132,7 +132,7 @@
 			changeUsername: function () {
 			changeUsername: function () {
 				let _this = this;
 				let _this = this;
 				if (!_this.user.username) return Toast.methods.addToast('Username cannot be empty', 8000);
 				if (!_this.user.username) return Toast.methods.addToast('Username cannot be empty', 8000);
-				_this.socket.emit('users.updateUsername', _this.user.username, res => {
+				_this.socket.emit('users.updateUsername', this.$parent.userId, _this.user.username, res => {
 					if (res.status !== 'success') Toast.methods.addToast(res.message, 8000);
 					if (res.status !== 'success') Toast.methods.addToast(res.message, 8000);
 					else Toast.methods.addToast('Successfully changed username', 4000);
 					else Toast.methods.addToast('Successfully changed username', 4000);
 				});
 				});