saveUserProfile.js
import { Meteor } from 'meteor/meteor';
import { Match, check } from 'meteor/check';
import { Accounts } from 'meteor/accounts-base';
import { saveCustomFields, passwordPolicy } from '../../app/lib';
import { Users } from '../../app/models';
import { settings as rcSettings } from '../../app/settings';
Meteor.methods({
  /**
   * Applies profile changes for the currently logged-in user.
   *
   * Changes are applied one after another in a fixed order (real name,
   * username, status text, e-mail, password, profile, custom fields). There is
   * no rollback: if a later step throws, the earlier steps stay applied.
   *
   * @param {Object} settings - Requested changes. Fields read here: `realname`,
   *   `username`, `statusText`, `email`, `newPassword`, `typedPassword`.
   * @param {Object} [customFields] - Custom field values, forwarded to
   *   `saveCustomFields` when non-empty.
   * @returns {boolean} Always `true` when no step threw.
   * @throws {Meteor.Error} `error-not-allowed` when profile changes are
   *   disabled, `error-invalid-user` when there is no logged-in user,
   *   `error-invalid-password` when the typed password does not match.
   */
  saveUserProfile(settings, customFields) {
    // NOTE(review): only the top-level shape is validated. The individual
    // fields of `settings` (client-supplied) are forwarded as-is; any type
    // checking of them is left to the callees, which are not visible here.
    check(settings, Object);
    check(customFields, Match.Maybe(Object));

    const methodError = (error, reason) =>
      new Meteor.Error(error, reason, { method: 'saveUserProfile' });

    if (!rcSettings.get('Accounts_AllowUserProfileChange')) {
      throw methodError('error-not-allowed', 'Not allowed');
    }

    const userId = Meteor.userId();
    if (!userId) {
      throw methodError('error-invalid-user', 'Invalid user');
    }

    const account = Users.findOneById(userId);

    // Re-authentication helper. Returns true when the typed password matches
    // the stored one, and ALSO when the account has no non-blank bcrypt hash
    // at all. In that second case the e-mail and password steps below run
    // without any password confirmation.
    // NOTE(review): `Accounts._checkPassword` is an underscore-prefixed
    // (private) accounts API; `typedPassword` is handed over as a SHA-256
    // digest, so the caller is expected to send the hash, not the plaintext.
    const passwordMatches = (candidate = {}, typedPassword) => {
      const storedHash =
        candidate.services && candidate.services.password && candidate.services.password.bcrypt;
      if (!storedHash || !storedHash.trim()) {
        return true;
      }

      const outcome = Accounts._checkPassword(candidate, {
        digest: typedPassword,
        algorithm: 'sha-256',
      });
      return !outcome.error;
    };

    const requireTypedPassword = () => {
      if (!passwordMatches(account, settings.typedPassword)) {
        throw methodError('error-invalid-password', 'Invalid password');
      }
    };

    // These three steps run before any password confirmation.
    if (settings.realname) {
      Meteor.call('setRealName', settings.realname);
    }

    if (settings.username) {
      Meteor.call('setUsername', settings.username);
    }

    // An empty string is a valid value here: it clears the status text.
    if (settings.statusText || settings.statusText === '') {
      Meteor.call('setUserStatus', null, settings.statusText);
    }

    if (settings.email) {
      requireTypedPassword();
      Meteor.call('setEmail', settings.email);
    }

    // Should be the last check to prevent error when trying to check password
    // for users without password.
    // When 'Accounts_AllowPasswordChange' is not strictly true, a supplied
    // newPassword is ignored silently and the method still returns true.
    if (settings.newPassword && rcSettings.get('Accounts_AllowPasswordChange') === true) {
      requireTypedPassword();
      passwordPolicy.validate(settings.newPassword);

      // NOTE(review): `logout: false` keeps the user's existing login sessions
      // alive after the change, so a session opened before the password was
      // changed is not invalidated by it.
      Accounts.setPassword(userId, settings.newPassword, {
        logout: false,
      });
    }

    // Called with an empty object on every successful run; what setProfile
    // does with it is not visible from this file.
    Users.setProfile(userId, {});

    if (customFields && Object.keys(customFields).length) {
      saveCustomFields(userId, customFields);
    }

    return true;
  },
});