MCPcopy
hub / github.com/YMFE/yapi / changePassword

Method changePassword

server/controllers/user.js:222–261  ·  view source on GitHub ↗

* 修改用户密码 * @interface /user/change_password * @method POST * @category user * @param {Number} uid 用户ID * @param {Number} [old_password] 旧密码, 非admin用户必须传 * @param {Number} password 新密码 * @return {Object} * @example ./api/user/change_password.json

(ctx)

Source from the content-addressed store, hash-verified

220 * @example ./api/user/change_password.json
221 */
222 async changePassword(ctx) {
223 let params = ctx.request.body;
224 let userInst = yapi.getInst(userModel);
225
226 if (!params.uid) {
227 return (ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空'));
228 }
229
230 if (!params.password) {
231 return (ctx.body = yapi.commons.resReturn(null, 400, '密码不能为空'));
232 }
233
234 let user = await userInst.findById(params.uid);
235 if (this.getRole() !== 'admin' && params.uid != this.getUid()) {
236 return (ctx.body = yapi.commons.resReturn(null, 402, '没有权限'));
237 }
238
239 if (this.getRole() !== 'admin' || user.role === 'admin') {
240 if (!params.old_password) {
241 return (ctx.body = yapi.commons.resReturn(null, 400, '旧密码不能为空'));
242 }
243
244 if (yapi.commons.generatePassword(params.old_password, user.passsalt) !== user.password) {
245 return (ctx.body = yapi.commons.resReturn(null, 402, '旧密码错误'));
246 }
247 }
248
249 let passsalt = yapi.commons.randStr();
250 let data = {
251 up_time: yapi.commons.time(),
252 password: yapi.commons.generatePassword(params.password, passsalt),
253 passsalt: passsalt
254 };
255 try {
256 let result = await userInst.update(params.uid, data);
257 ctx.body = yapi.commons.resReturn(result);
258 } catch (e) {
259 ctx.body = yapi.commons.resReturn(null, 401, e.message);
260 }
261 }
262
263 async handlePrivateGroup(uid) {
264 var groupInst = yapi.getInst(groupModel);

Callers

nothing calls this directly

Calls 4

getRoleMethod · 0.80
findByIdMethod · 0.45
getUidMethod · 0.45
updateMethod · 0.45

Tested by

no test coverage detected