/* * SPDX-FileCopyrightText: syuilo and other misskey contributors * SPDX-License-Identifier: AGPL-3.0-only */ import bcrypt from 'bcryptjs'; import { Inject, Injectable } from '@nestjs/common'; import { Endpoint } from '@/server/api/endpoint-base.js'; import type { UserProfilesRepository } from '@/models/_.js'; import { DI } from '@/di-symbols.js'; import { UserAuthService } from '@/core/UserAuthService.js'; import { ApiError } from '@/server/api/error.js'; export const meta = { requireCredential: true, secure: true, errors: { incorrectPassword: { message: 'Incorrect password.', code: 'INCORRECT_PASSWORD', id: 'f5bcd508-adcf-40b1-9031-2e944a5d8390', }, authenticationFailed: { message: 'Authentication failed.', code: 'AUTHENTICATION_FAILED', id: '97fee157-34eb-4b0d-8fc3-375d0040f807', }, }, } as const; export const paramDef = { type: 'object', properties: { currentPassword: { type: 'string' }, newPassword: { type: 'string', minLength: 1 }, token: { type: 'string', nullable: true }, }, required: ['currentPassword', 'newPassword'], } as const; @Injectable() export default class extends Endpoint { // eslint-disable-line import/no-default-export constructor( @Inject(DI.userProfilesRepository) private userProfilesRepository: UserProfilesRepository, private userAuthService: UserAuthService, ) { super(meta, paramDef, async (ps, me) => { const profile = await this.userProfilesRepository.findOneByOrFail({ userId: me.id }); const passwordMatched = await bcrypt.compare(ps.currentPassword, profile.password!); if (!passwordMatched) { throw new ApiError(meta.errors.incorrectPassword); } if (profile.twoFactorEnabled) { const token = ps.token; if (token == null) { throw new ApiError(meta.errors.authenticationFailed); } await this.userAuthService.twoFactorAuthenticate(profile, token); } // Generate hash of password const salt = await bcrypt.genSalt(8); const hash = await bcrypt.hash(ps.newPassword, salt); await this.userProfilesRepository.update(me.id, { password: hash, }); }); } }