AZEN-SGG/Kavita
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Stat hotfix (#1748)

Browse source 
* Fixed a bug where a divide by 0 could occur

* Email change now requires a password
This commit is contained in:
Joe Milazzo 2023-01-15 14:16:51 +08:00 committed by GitHub
parent 7e55134e6b
commit 3e1d0f39f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 34 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
API/Controllers/AccountController.cs
View file

@ -289,7 +289,15 @@ public class AccountController : BaseApiController
var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername());
if (user == null) return Unauthorized("You do not have permission");
if (dto == null || string.IsNullOrEmpty(dto.Email)) return BadRequest("Invalid payload");
if (dto == null || string.IsNullOrEmpty(dto.Email) || string.IsNullOrEmpty(dto.Password)) return BadRequest("Invalid payload");
// Validate this user's password
if (! await _userManager.CheckPasswordAsync(user, dto.Password))
{
_logger.LogCritical("A user tried to change {UserName}'s email, but password didn't validate", user.UserName);
return BadRequest("You do not have permission");
}
// Validate no other users exist with this email
if (user.Email.Equals(dto.Email)) return Ok("Nothing to do");