* 修改用户密码 * @interface /user/change_password * @method POST * @category user * @param {Number} uid 用户ID * @param {Number} [old_password] 旧密码, 非admin用户必须传 * @param {Number} password 新密码 * @return {Object} * @example ./api/user/change_password.json
(ctx)
| 220 | * @example ./api/user/change_password.json |
| 221 | */ |
| 222 | async changePassword(ctx) { |
| 223 | let params = ctx.request.body; |
| 224 | let userInst = yapi.getInst(userModel); |
| 225 | |
| 226 | if (!params.uid) { |
| 227 | return (ctx.body = yapi.commons.resReturn(null, 400, 'uid不能为空')); |
| 228 | } |
| 229 | |
| 230 | if (!params.password) { |
| 231 | return (ctx.body = yapi.commons.resReturn(null, 400, '密码不能为空')); |
| 232 | } |
| 233 | |
| 234 | let user = await userInst.findById(params.uid); |
| 235 | if (this.getRole() !== 'admin' && params.uid != this.getUid()) { |
| 236 | return (ctx.body = yapi.commons.resReturn(null, 402, '没有权限')); |
| 237 | } |
| 238 | |
| 239 | if (this.getRole() !== 'admin' || user.role === 'admin') { |
| 240 | if (!params.old_password) { |
| 241 | return (ctx.body = yapi.commons.resReturn(null, 400, '旧密码不能为空')); |
| 242 | } |
| 243 | |
| 244 | if (yapi.commons.generatePassword(params.old_password, user.passsalt) !== user.password) { |
| 245 | return (ctx.body = yapi.commons.resReturn(null, 402, '旧密码错误')); |
| 246 | } |
| 247 | } |
| 248 | |
| 249 | let passsalt = yapi.commons.randStr(); |
| 250 | let data = { |
| 251 | up_time: yapi.commons.time(), |
| 252 | password: yapi.commons.generatePassword(params.password, passsalt), |
| 253 | passsalt: passsalt |
| 254 | }; |
| 255 | try { |
| 256 | let result = await userInst.update(params.uid, data); |
| 257 | ctx.body = yapi.commons.resReturn(result); |
| 258 | } catch (e) { |
| 259 | ctx.body = yapi.commons.resReturn(null, 401, e.message); |
| 260 | } |
| 261 | } |
| 262 | |
| 263 | async handlePrivateGroup(uid) { |
| 264 | var groupInst = yapi.getInst(groupModel); |