diff options
author | JoramWilander <jwawilander@gmail.com> | 2015-07-22 15:36:58 -0400 |
---|---|---|
committer | JoramWilander <jwawilander@gmail.com> | 2015-07-22 15:36:58 -0400 |
commit | dd970604d1790aa8b35a42862bace300c601f325 (patch) | |
tree | b9f8fef0f27e24e7eb47b45529426b702750f22c | |
parent | 56a0a7d1e1fbd9405559a9c6e32962155d9cc562 (diff) | |
download | chat-dd970604d1790aa8b35a42862bace300c601f325.tar.gz chat-dd970604d1790aa8b35a42862bace300c601f325.tar.bz2 chat-dd970604d1790aa8b35a42862bace300c601f325.zip |
add check on server to prevent password updating for users who log in through oauth
-rw-r--r-- | api/user.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go index 7a688f28b..03f8b9e3e 100644 --- a/api/user.go +++ b/api/user.go @@ -821,6 +821,13 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { tchan := Srv.Store.Team().Get(user.TeamId) + if user.AuthData != "" { + c.LogAudit("failed - tried to update user password who was logged in through oauth") + c.Err = model.NewAppError("updatePassword", "Update password failed because the user is logged in through an OAuth service", "auth_service="+user.AuthService) + c.Err.StatusCode = http.StatusForbidden + return + } + if !model.ComparePassword(user.Password, currentPassword) { c.Err = model.NewAppError("updatePassword", "Update password failed because of invalid password", "") c.Err.StatusCode = http.StatusForbidden |