perms + tell the client to re-auth after passwd change

2023-07-18 17:11:25 +03:00 · 2023-07-18 17:11:25 +03:00 · eafae55e35
commit eafae55e35
parent 9f6df93d9f
1 changed files with 15 additions and 5 deletions
--- a/src/server/endpoints/api/User.ts
+++ b/src/server/endpoints/api/User.ts
@ -69,9 +69,9 @@ class UserEndpoint extends ApiEndpoint
            [ 'get', '/connect/:service/finalise', this.connectOAuthFinalise.bind(this) ],

            // Applications
-            [ 'get', '/applications', this.applications.bind(this) ], 
+            [ 'get', '/applications', this.applications.bind(this), [ server.auth.createAuthoriser('applications', 5) ]], 
            [ 'post', '/applications', this.createApplication.bind(this), [ server.auth.createAuthoriser('applications:create', 5) ]],
-            [ 'delete', '/applications/:id', this.deleteApplication.bind(this) ],
+            [ 'delete', '/applications/:id', this.deleteApplication.bind(this), [ server.auth.createAuthoriser('applications', 5) ]],
        ];

        this.middleware = [
@ -151,11 +151,21 @@ class UserEndpoint extends ApiEndpoint
                return res.status(400).send('Username taken');
            user.name = body.username; 
        }
-        if (body.newPassword) 
-            await user.setPassword(body.newPassword);
+        
        if (body.displayName !== user.displayName) 
            user.displayName = body.displayName;

+        if (body.newPassword)
+        {
+            await user.setPassword(body.newPassword, true); 
+            req.session.destroy(() => 
+            {
+                res.json({ reAuth: true });
+            });
+            return;
+        }
+
+
        await user.save();
        return res.end();