allow ip and sess for all API calls. added hashedPassword argument for user create and update

Andris Reinman 2018-09-07 09:58:05 +03:00
parent cf42af617e
commit 573787f1c3
17 changed files with 357 additions and 63 deletions

5
api.js

@ -184,6 +184,9 @@ server.use(
})
);
logger.token('user-ip', req => ((req.body && req.body.ip) || (req.query && req.query.ip)).toString().substr(0, 40) || '-');
logger.token('user-sess', req => (req.body && req.body.sess) || (req.query && req.query.sess) || '-');
logger.token('user', req => (req.user && req.user.toString()) || '-');
logger.token('url', req => {
if (/\baccessToken=/.test(req.url)) {
@ -193,7 +196,7 @@ logger.token('url', req => {
});
server.use(
logger(':remote-addr :user :method :url :status :time-spent :append', {
logger(':remote-addr :user [:user-ip/:user-sess] :method :url :status :time-spent :append', {
stream: {
write: message => {
message = (message || '').toString();
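Review bot: In the `user-ip` token the `|| '-'` fallback is applied after `.toString()`, so a request that carries no `ip` in body or query evaluates `.toString()` on `undefined` and throws inside the logger instead of printing `-`. Moving the fallback inside the parentheses fixes it: `req => ((req.body && req.body.ip) || (req.query && req.query.ip) || '-').toString().substr(0, 40)`. Both new tokens are read straight from the request and written to the access log regardless of whether Joi validation accepted them, and `user-sess` is neither coerced to a string nor length-capped. Truncating it the same way and stripping control characters would keep a client from putting line breaks or oversized values into the log.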

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -1 +1 @@
define({ "name": "wildduck", "version": "1.0.0", "description": "WildDuck API docs", "title": "WildDuck API", "url": "https://api.wildduck.email", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", "time": "2018-09-03T05:52:33.526Z", "url": "http://apidocjs.com", "version": "0.17.6" } });
define({ "name": "wildduck", "version": "1.0.0", "description": "WildDuck API docs", "title": "WildDuck API", "url": "https://api.wildduck.email", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", "time": "2018-09-07T06:53:41.177Z", "url": "http://apidocjs.com", "version": "0.17.6" } });


@ -1 +1 @@
{ "name": "wildduck", "version": "1.0.0", "description": "WildDuck API docs", "title": "WildDuck API", "url": "https://api.wildduck.email", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", "time": "2018-09-03T05:52:33.526Z", "url": "http://apidocjs.com", "version": "0.17.6" } }
{ "name": "wildduck", "version": "1.0.0", "description": "WildDuck API docs", "title": "WildDuck API", "url": "https://api.wildduck.email", "sampleUrl": false, "defaultVersion": "0.0.0", "apidoc": "0.3.0", "generator": { "name": "apidoc", "time": "2018-09-07T06:53:41.177Z", "url": "http://apidocjs.com", "version": "0.17.6" } }


@ -102,7 +102,12 @@ module.exports = (db, server) => {
.empty('')
.mongoCursor()
.max(1024),
page: Joi.number().default(1)
page: Joi.number().default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.query, schema, {
@ -317,7 +322,12 @@ module.exports = (db, server) => {
Joi.string()
.trim()
.max(128)
)
),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -557,7 +567,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -708,7 +723,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -868,7 +888,12 @@ module.exports = (db, server) => {
Joi.string()
.trim()
.max(128)
)
),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1122,7 +1147,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1348,7 +1378,12 @@ module.exports = (db, server) => {
Joi.string()
.trim()
.max(128)
)
),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1681,7 +1716,12 @@ module.exports = (db, server) => {
Joi.string()
.trim()
.max(128)
)
),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1954,7 +1994,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -2089,7 +2134,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -2258,7 +2308,12 @@ module.exports = (db, server) => {
.length(24)
.required(),
Joi.string().email()
]
],
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -2405,7 +2460,12 @@ module.exports = (db, server) => {
const schema = Joi.object().keys({
oldDomain: Joi.string().required(),
newDomain: Joi.string().required()
newDomain: Joi.string().required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
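Review bot: The five-line `sess`/`ip` fragment is pasted into every schema in this file and, as far as this page shows, into the schemas of the other route files in the commit as well. Defining it once in a shared module, e.g. `const sessSchema = Joi.string().max(255);` and `const sessIPSchema = Joi.string().ip({ version: ['ipv4', 'ipv6'], cidr: 'forbidden' });`, and referencing those from each schema would give a single place to tighten the rules later. `sess` currently accepts any characters up to the length limit, control characters included, which matters because the value is echoed into the access log.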


@ -65,7 +65,12 @@ module.exports = (db, server, userHandler) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -267,10 +267,6 @@ module.exports = (db, server, userHandler) => {
.lowercase()
.empty('')
.max(100),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
}),
limit: Joi.number()
.default(20)
.min(1)
@ -285,7 +281,12 @@ module.exports = (db, server, userHandler) => {
.max(1024),
page: Joi.number()
.empty('')
.default(1)
.default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
req.query.user = req.params.user;
@ -467,7 +468,12 @@ module.exports = (db, server, userHandler) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -83,7 +83,12 @@ module.exports = (db, server) => {
.allow(false),
end: Joi.date()
.empty('')
.allow(false)
.allow(false),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -209,7 +214,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -290,7 +300,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -98,7 +98,12 @@ module.exports = (db, server) => {
.empty('')
.mongoCursor()
.max(1024),
page: Joi.number().default(1)
page: Joi.number().default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.query, schema, {
@ -263,7 +268,12 @@ module.exports = (db, server) => {
description: Joi.string()
.max(255)
//.hostname()
.trim()
.trim(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -355,7 +365,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -428,7 +443,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -82,7 +82,12 @@ module.exports = (db, server) => {
.empty('')
.mongoCursor()
.max(1024),
page: Joi.number().default(1)
page: Joi.number().default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.query, schema, {
@ -235,7 +240,12 @@ module.exports = (db, server) => {
domain: Joi.string()
.max(255)
//.hostname()
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -346,7 +356,12 @@ module.exports = (db, server) => {
alias: Joi.string()
.max(255)
//.hostname()
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -443,7 +458,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -534,7 +554,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -67,7 +67,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -242,7 +247,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -380,7 +390,12 @@ module.exports = (db, server) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -560,7 +575,12 @@ module.exports = (db, server) => {
)
.empty('')
})
.default({})
.default({}),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -861,7 +881,12 @@ module.exports = (db, server) => {
)
.empty('')
})
.default({})
.default({}),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -98,7 +98,12 @@ module.exports = (db, server, mailboxHandler) => {
counters: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', 1])
.falsy(['N', 'false', 'no', 'off', 0, ''])
.default(false)
.default(false),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
if (req.query.counters) {
@ -301,7 +306,12 @@ module.exports = (db, server, mailboxHandler) => {
path: Joi.string()
.regex(/\/{2,}|\/$/g, { invert: true })
.required(),
retention: Joi.number().min(0)
retention: Joi.number().min(0),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -429,7 +439,12 @@ module.exports = (db, server, mailboxHandler) => {
.lowercase()
.length(24)
.allow('resolve')
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -606,7 +621,12 @@ module.exports = (db, server, mailboxHandler) => {
retention: Joi.number().min(0),
subscribed: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', 1])
.falsy(['N', 'false', 'no', 'off', 0, ''])
.falsy(['N', 'false', 'no', 'off', 0, '']),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -720,7 +740,12 @@ module.exports = (db, server, mailboxHandler) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -184,7 +184,12 @@ module.exports = (db, server, messageHandler) => {
.max(1024),
page: Joi.number()
.empty('')
.default(1)
.default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
req.query.user = req.params.user;
@ -494,7 +499,12 @@ module.exports = (db, server, messageHandler) => {
.empty('')
.mongoCursor()
.max(1024),
page: Joi.number().default(1)
page: Joi.number().default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
req.query.user = req.params.user;
@ -931,7 +941,12 @@ module.exports = (db, server, messageHandler) => {
markAsSeen: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', 1])
.falsy(['N', 'false', 'no', 'off', 0, ''])
.default(false)
.default(false),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
if (req.query.replaceCidLinks) {
@ -1227,7 +1242,12 @@ module.exports = (db, server, messageHandler) => {
.required(),
message: Joi.number()
.min(1)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1406,7 +1426,12 @@ module.exports = (db, server, messageHandler) => {
.required(),
message: Joi.number()
.min(1)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1751,7 +1776,12 @@ module.exports = (db, server, messageHandler) => {
.truthy(['Y', 'true', 'yes', 'on', 1])
.falsy(['N', 'false', 'no', 'off', 0, ''])
.allow(false)
)
),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1924,7 +1954,12 @@ module.exports = (db, server, messageHandler) => {
.required(),
message: Joi.number()
.min(1)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -2297,7 +2332,12 @@ module.exports = (db, server, messageHandler) => {
target: Joi.number()
.min(1)
.max(1000),
addresses: Joi.array().items(Joi.string().email())
addresses: Joi.array().items(Joi.string().email()),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -2574,7 +2614,12 @@ module.exports = (db, server, messageHandler) => {
.default('desc'),
page: Joi.number()
.empty('')
.default(1)
.default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
req.query.user = req.params.user;
@ -2821,7 +2866,12 @@ module.exports = (db, server, messageHandler) => {
replaceCidLinks: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', 1])
.falsy(['N', 'false', 'no', 'off', 0, ''])
.default(false)
.default(false),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
if (req.query.replaceCidLinks) {
@ -3053,7 +3103,12 @@ module.exports = (db, server, messageHandler) => {
attachment: Joi.string()
.regex(/^ATT\d+$/i)
.uppercase()
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -3208,7 +3263,12 @@ module.exports = (db, server, messageHandler) => {
mailbox: Joi.string()
.hex()
.lowercase()
.length(24)
.length(24),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {


@ -63,7 +63,12 @@ module.exports = (db, server, notifier) => {
'Last-Event-ID': Joi.string()
.hex()
.lowercase()
.length(24)
.length(24),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
if (req.header('Last-Event-ID')) {


@ -129,7 +129,12 @@ module.exports = (db, server, userHandler) => {
.empty('')
.mongoCursor()
.max(1024),
page: Joi.number().default(1)
page: Joi.number().default(1),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.query, schema, {
@ -305,6 +310,7 @@ module.exports = (db, server, userHandler) => {
* @apiParam {String} name Username of the User. Dots are allowed but informational only (<em>"user.name"</em> is the same as <em>"username"</em>).
* @apiParam {String} [name] Name of the User
* @apiParam {String} password Password for the account. Set to boolean <code>false</code> to disable password usage
* @apiParam {Boolean} [hashedPassword] If <code>true</code> then password is already hashed, so store as is (needs to be bcrypt <code>$2a</code>, <code>$2y</code> or <code>$2b</code>)
* @apiParam {String} [address] Default email address for the User (autogenerated if not set)
* @apiParam {Boolean} [emptyAddress] If true then do not autogenerate missing email address for the User. Only needed if you want to create an user account that does not have any email address associated
* @apiParam {Boolean} [requirePasswordChange] If true then requires the user to change password, useful if password for the account was autogenerated
@ -389,6 +395,10 @@ module.exports = (db, server, userHandler) => {
.allow(false)
.max(256)
.required(),
hashedPassword: Joi.boolean()
.truthy(['Y', 'true', 'yes', 'on', 1])
.falsy(['N', 'false', 'no', 'off', 0, ''])
.default(false),
address: Joi.string().email(),
emptyAddress: Joi.boolean()
@ -648,7 +658,12 @@ module.exports = (db, server, userHandler) => {
.regex(/^[a-z0-9][a-z0-9.]+[a-z0-9]$/, 'username')
.min(3)
.max(32)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -829,7 +844,12 @@ module.exports = (db, server, userHandler) => {
.hex()
.lowercase()
.length(24)
.required()
.required(),
sess: Joi.string().max(255),
ip: Joi.string().ip({
version: ['ipv4', 'ipv6'],
cidr: 'forbidden'
})
});
const result = Joi.validate(req.params, schema, {
@ -1029,6 +1049,7 @@ module.exports = (db, server, userHandler) => {
* @apiParam {String} [name] Name of the User
* @apiParam {String} [existingPassword] If provided then validates against account password before applying any changes
* @apiParam {String} [password] New password for the account. Set to boolean <code>false</code> to disable password usage
* @apiParam {Boolean} [hashedPassword] If <code>true</code> then password is already hashed, so store as is (needs to be bcrypt <code>$2a</code>, <code>$2y</code> or <code>$2b</code>)
* @apiParam {String[]} [tags] A list of tags associated with this user
* @apiParam {Number} [retention] Default retention time in ms. Set to <code>0</code> to disable
* @apiParam {Boolean} [encryptMessages] If <code>true</code> then received messages are encrypted
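Review bot: `hashedPassword` is validated as a free-standing boolean while `password` keeps its generic string rules, so the create schema does not enforce the bcrypt format that the new `@apiParam` text requires. A conditional rule on `password`, e.g. `.when('hashedPassword', { is: true, then: Joi.string().regex(/^\$2[aby]\$\d{2}\$[.\/A-Za-z0-9]{53}$/) })`, would reject malformed hashes at the API boundary instead of leaving it to the handler. The update endpoint's docs also gain `hashedPassword`, but no schema change for that route is visible in this section. It is worth confirming the update schema accepts the flag, otherwise it may be rejected or dropped before it reaches the handler and the supplied hash would be hashed again.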


@ -997,6 +997,18 @@ class UserHandler {
// Users with an empty password can not log in
return done();
}
if (data.hashedPassword) {
// try if the bcrypt library can handle it?
return bcrypt.compare('whatever', data.password, err => {
if (err) {
return done(err);
}
// did not throw, so probably OK
return done(null, data.password);
});
}
bcrypt.hash(data.password, consts.BCRYPT_ROUNDS, done);
};
@ -2475,7 +2487,7 @@ class UserHandler {
let flushKeys = [];
Object.keys(data).forEach(key => {
if (['user', 'existingPassword', 'ip'].includes(key)) {
if (['user', 'existingPassword', 'ip', 'sess'].includes(key)) {
return;
}
@ -2542,6 +2554,18 @@ class UserHandler {
if (!$set.password) {
return done();
}
if (data.hashedPassword) {
// try if the bcrypt library can handle it?
return bcrypt.compare('whatever', $set.password, err => {
if (err) {
return done(err);
}
// did not throw, so probably OK, no need to update `$set.password`
return done();
});
}
bcrypt.hash($set.password, consts.BCRYPT_ROUNDS, (err, hash) => {
if (err) {
return done(err);
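Review bot: `bcrypt.compare('whatever', data.password, …)` is used as a format validator for a caller-supplied hash, but the only rejection path is `err` and the comparison result is ignored. If the bcrypt library reports a malformed hash as a plain non-match rather than an error, any string would be stored as the password hash. The same pattern is repeated in the update path with `$set.password`. An explicit check before storing, e.g. `if (!/^\$2[aby]\$\d{2}\$[.\/A-Za-z0-9]{53}$/.test(data.password)) { return done(new Error('Invalid password hash')); }`, would enforce what the API docs promise, and parsing the cost field would allow rejecting hashes weaker than `consts.BCRYPT_ROUNDS`. Separately, the update skip list gains `'sess'` but not `'hashedPassword'`; the loop body is outside the hunk, so confirm the flag is not copied into `$set` and persisted on the user document.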