ben.carrasco/jambonz-api-server
1
0
Fork 0
mirror of https://github.com/jambonz/jambonz-api-server.git synced 2026-02-09 02:29:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

add check to not allow the same password to be user as new (#97)

Browse Source 
Co-authored-by: eglehelms <e.helms@cognigy.com>
This commit is contained in:
EgleH
2023-01-23 13:59:33 +01:00
committed by GitHub
parent 80ee1d06d7
commit 6c494786c8
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/routes/api/users.js
View File

@@ -285,6 +285,11 @@ router.put('/:user_sid', async(req, res) => {
//debug(`PUT /Users/:sid pwd ${old_password} does not match hash ${old_hashed_password}`); //debug(`PUT /Users/:sid pwd ${old_password} does not match hash ${old_hashed_password}`);
return res.sendStatus(403); return res.sendStatus(403);
} }
if (old_password === new_password) {
throw new Error('new password cannot be your old password');
}
const passwordHash = await generateHashedPassword(new_password); const passwordHash = await generateHashedPassword(new_password);
//debug(`updating hashed_password to ${passwordHash}`); //debug(`updating hashed_password to ${passwordHash}`);
const r = await promisePool.execute(updateSql, [passwordHash, user_sid]); const r = await promisePool.execute(updateSql, [passwordHash, user_sid]);