apitech
/
Rocket.Chat
mirror of https://github.com/RocketChat/Rocket.Chat
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The communications platform that puts data protection first.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
18163 Commits
703 Branches
1171 Tags
2.1 GiB
 
 
 
 
 
 
Tag: Branch: Tree: fb0cc0d6c2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'fb0cc0d6c2'
${ noResults }
Rocket.Chat/server/methods/saveUserProfile.js

104 lines
3.1 KiB
Raw Blame History

import { Meteor } from 'meteor/meteor';
import { Match, check } from 'meteor/check';
import { Accounts } from 'meteor/accounts-base';
import { saveCustomFields, passwordPolicy } from '../../app/lib/server';
import { Users } from '../../app/models/server';
import { settings as rcSettings } from '../../app/settings/server';
import { twoFactorRequired } from '../../app/2fa/server/twoFactorRequired';
import { saveUserIdentity } from '../../app/lib/server/functions/saveUserIdentity';
import { compareUserPassword } from '../lib/compareUserPassword';
Meteor.methods({
saveUserProfile: twoFactorRequired(function(settings, customFields) {
check(settings, Object);
check(customFields, Match.Maybe(Object));
if (!rcSettings.get('Accounts_AllowUserProfileChange')) {
throw new Meteor.Error('error-not-allowed', 'Not allowed', {
method: 'saveUserProfile',
});
}
if (!this.userId) {
throw new Meteor.Error('error-invalid-user', 'Invalid user', {
method: 'saveUserProfile',
});
}
const user = Users.findOneById(this.userId);
if (settings.realname || settings.username) {
if (!saveUserIdentity(this.userId, {
_id: this.userId,
name: settings.realname,
username: settings.username,
})) {
throw new Meteor.Error('error-could-not-save-identity', 'Could not save user identity', { method: 'saveUserProfile' });
}
}
if (settings.statusText || settings.statusText === '') {
Meteor.call('setUserStatus', null, settings.statusText);
}
if (settings.statusType) {
Meteor.call('setUserStatus', settings.statusType, null);
}
if (settings.bio) {
if (typeof settings.bio !== 'string' || settings.bio.length > 260) {
throw new Meteor.Error('error-invalid-field', 'bio', {
method: 'saveUserProfile',
});
}
Users.setBio(user._id, settings.bio.trim());
}
if (settings.email) {
if (!compareUserPassword(user, { sha256: settings.typedPassword })) {
throw new Meteor.Error('error-invalid-password', 'Invalid password', {
method: 'saveUserProfile',
});
}
Meteor.call('setEmail', settings.email);
}
// Should be the last check to prevent error when trying to check password for users without password
if (settings.newPassword && rcSettings.get('Accounts_AllowPasswordChange') === true) {
if (!compareUserPassword(user, { sha256: settings.typedPassword })) {
throw new Meteor.Error('error-invalid-password', 'Invalid password', {
method: 'saveUserProfile',
});
}
// don't let user change to same password
if (compareUserPassword(user, { plain: settings.newPassword })) {
throw new Meteor.Error('error-password-same-as-current', 'Entered password same as current password', {
method: 'saveUserProfile',
});
}
passwordPolicy.validate(settings.newPassword);
Accounts.setPassword(this.userId, settings.newPassword, {
logout: false,
});
try {
Meteor.call('removeOtherTokens');
} catch (e) {
Accounts._clearAllLoginTokens(this.userId);
}
}
Users.setProfile(this.userId, {});
if (customFields && Object.keys(customFields).length) {
saveCustomFields(this.userId, customFields);
}
return true;
}),
});