mirror of
https://github.com/filebrowser/filebrowser.git
synced 2026-01-22 18:27:42 +00:00
fix: request current password when deleting users (#5667)
This commit is contained in:
Ariel Leyva
GitHub
parent
59ca0c340a
commit
cfa6c5864e
3 changed files with 29 additions and 8 deletions
|
|
@ -42,8 +42,14 @@ export async function update(
|
|||
});
|
||||
}
|
||||
|
||||
export async function remove(id: number) {
|
||||
export async function remove(
|
||||
id: number,
|
||||
currentPassword: string | null = null
|
||||
) {
|
||||
await fetchURL(`/api/users/${id}`, {
|
||||
method: "DELETE",
|
||||
body: JSON.stringify({
|
||||
...(currentPassword != null ? { current_password: currentPassword } : {}),
|
||||
}),
|
||||
});
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,6 +71,7 @@ import { computed, inject, onMounted, ref, watch } from "vue";
|
|||
import { useRoute, useRouter } from "vue-router";
|
||||
import { useI18n } from "vue-i18n";
|
||||
import { StatusError } from "@/api/utils";
|
||||
import { authMethod } from "@/utils/constants";
|
||||
|
||||
const error = ref<StatusError>();
|
||||
const originalUser = ref<IUser>();
|
||||
|
|
@ -105,11 +106,7 @@ const fetchData = async () => {
|
|||
|
||||
try {
|
||||
if (isNew.value) {
|
||||
const {
|
||||
authMethod,
|
||||
defaults,
|
||||
createUserDir: _createUserDir,
|
||||
} = await settings.get();
|
||||
const { defaults, createUserDir: _createUserDir } = await settings.get();
|
||||
isCurrentPasswordRequired.value = authMethod == "json";
|
||||
createUserDir.value = _createUserDir;
|
||||
user.value = {
|
||||
|
|
@ -146,7 +143,7 @@ const deleteUser = async (e: Event) => {
|
|||
return false;
|
||||
}
|
||||
try {
|
||||
await api.remove(user.value.id);
|
||||
await api.remove(user.value.id, currentPassword.value);
|
||||
router.push({ path: "/settings/users" });
|
||||
$showSuccess(t("settings.userDeleted"));
|
||||
} catch (err) {
|
||||
|
|
|
|||
|
|
@ -103,7 +103,25 @@ var userGetHandler = withSelfOrAdmin(func(w http.ResponseWriter, r *http.Request
|
|||
return renderJSON(w, r, u)
|
||||
})
|
||||
|
||||
var userDeleteHandler = withSelfOrAdmin(func(_ http.ResponseWriter, _ *http.Request, d *data) (int, error) {
|
||||
var userDeleteHandler = withSelfOrAdmin(func(_ http.ResponseWriter, r *http.Request, d *data) (int, error) {
|
||||
if r.Body == nil {
|
||||
return http.StatusBadRequest, fberrors.ErrEmptyRequest
|
||||
}
|
||||
|
||||
var body struct {
|
||||
CurrentPassword string `json:"current_password"`
|
||||
}
|
||||
|
||||
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
|
||||
return http.StatusBadRequest, err
|
||||
}
|
||||
|
||||
if d.settings.AuthMethod == auth.MethodJSONAuth {
|
||||
if !users.CheckPwd(body.CurrentPassword, d.user.Password) {
|
||||
return http.StatusBadRequest, fberrors.ErrCurrentPasswordIncorrect
|
||||
}
|
||||
}
|
||||
|
||||
err := d.store.Users.Delete(d.raw.(uint))
|
||||
if err != nil {
|
||||
return errToStatus(err), err
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue