prohibit name change to existing name

This commit is contained in:
Erik 2023-05-02 02:55:04 +03:00
parent ff83c11cf8
commit c44fb4ebfa
Signed by: Navy.gif
GPG Key ID: 2532FBBB61C65A68
3 changed files with 21 additions and 4 deletions

View File

@ -2,7 +2,7 @@
"projectName": "webserver-framework",
"serverFilePath": "./server/Server.js",
"shardOptions": {
"respawn": false
"respawn": true
},
"shardCount": 1,
"serverOptions": {

View File

@ -212,6 +212,13 @@ class UserDatabase implements UserDatabaseInterface {
}
/**
* Find user by name
*
* @param {string} name
* @return {*}
* @memberof UserDatabase
*/
async findUser (name: string) {
if (!name)

View File

@ -49,7 +49,12 @@ class UserEndpoint extends ApiEndpoint {
];
this.subpaths = [
[ 'post', '/avatar', this.uploadAvatar.bind(this), [ fileUpload({ limits: { fileSize: 1024 * 1024 * 12, files: 1 }, abortOnLimit: true, safeFileNames: true, preserveExtension: true }) ]],
[ 'post', '/avatar', this.uploadAvatar.bind(this), [ fileUpload({
limits: { fileSize: 1024 * 1024 * 12, files: 1 },
abortOnLimit: true,
safeFileNames: true,
preserveExtension: true
}) ]],
[ 'post', '/settings', this.updateSettings.bind(this) ],
// 2 Factor Authentication
@ -127,10 +132,15 @@ class UserEndpoint extends ApiEndpoint {
if (!await user.authenticate(body.password))
return res.status(403).send('Invalid password');
if (body.username !== user.name) {
const existing = await this.#users.findUser(body.username);
if (existing)
return res.status(400).send('Username taken');
user.name = body.username;
}
if (body.newPassword)
await user.setPassword(body.newPassword);
if (body.username !== user.name)
user.name = body.username;
if (body.displayName !== user.displayName)
user.displayName = body.displayName;