-
Notifications
You must be signed in to change notification settings - Fork 11.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FIX] Verified property of user is always set to false if not supplied #9719
Conversation
fixing bug, when calling saveUser method without the field verified, it was setting always to false.
added endpoint to update a user's basic informations.
Added a new endpoint to prevent any breaking change, which might happen if we modified the |
@@ -167,7 +167,9 @@ RocketChat.saveUser = function(userId, userData) { | |||
updateUser.$set.requirePasswordChange = userData.requirePasswordChange; | |||
} | |||
|
|||
updateUser.$set['emails.0.verified'] = !!userData.verified; | |||
if (userData.verified) { | |||
updateUser.$set['emails.0.verified'] = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't I set as not verified? Shouldn't be more correct to check if userData.verified
is boolean and then allow to change, that way we do not require to pass that information but allow admins to revert some mistake.
userData.typedPassword = SHA256(this.bodyParams.data.actualPassword); | ||
} | ||
|
||
Meteor.runAsUser(this.bodyParams.userId, () => Meteor.call('saveUserProfile', userData, this.bodyParams.customFields)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That way you are allowing anyone to change other's user information, should run as the authenticated user
email: Match.Maybe(String), | ||
name: Match.Maybe(String), | ||
username: Match.Maybe(String), | ||
actualPassword: Match.Maybe(String), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't be better currentPassword
rather than actualPassword
?
fix some issues requested in the last review about users.updateOwnBasicInfo endpoint.
Change the current password, to be send in sha256, and change sendVerificationEmail method
fix lint error
…update [FIX] Verified property of user is always set to false if not supplied
@RocketChat/core
Closes #9718
Added verification before update the user, because was being setting
verified
property always to false, if was not supplied.