/*
* Copyright (c) 2014-2021 Bjoern Kimminich.
* SPDX-License-Identifier: MIT
*/
const models = require('../models/index')
const security = require('../lib/insecurity')
const utils = require('../lib/utils')
const cache = require('../data/datacache')
const challenges = cache.challenges
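module.exports = function updateUserProfile () {
  // Express handler for the state-changing "update my username" request.
  //
  // Session lookup is cookie-based (`req.cookies.token`), so the browser
  // attaches the credential to any cross-site request automatically. No CSRF
  // token, Origin or Referer check guards the update. That is deliberate in
  // this app: `challenges.csrfChallenge` below is solved precisely by a
  // cross-site submission, so do not add CSRF protection here without also
  // reworking the challenge.
  return (req, res, next) => {
    const loggedInUser = security.authenticatedUsers.get(req.cookies.token)
    if (!loggedInUser) {
      // Unknown/missing token: hand the error to the error middleware and stop.
      // (`req.connection` is Node's legacy alias of `req.socket`.)
      next(new Error('Blocked illegal activity by ' + req.connection.remoteAddress))
      return
    }
    models.User.findByPk(loggedInUser.data.id).then(user => {
      // Challenge bookkeeping only. It dereferences `user.username`, so a
      // missing user row throws here and is routed to `next` by the catch
      // below instead of continuing into the update.
      // NOTE(review): the matched substring starts with ':', so a plain
      // `https://htmledit.squarefree.com` Origin/Referer value would NOT
      // match as written -- confirm this is the intended trigger.
      utils.solveIf(challenges.csrfChallenge, () => {
        return ((req.headers.origin && req.headers.origin.includes(':https://htmledit.squarefree.com')) ||
          (req.headers.referer && req.headers.referer.includes(':https://htmledit.squarefree.com'))) &&
          req.body.username !== user.username
      })
      // `req.body.username` is persisted as-is: this handler applies no type,
      // length or character validation. Any such checks must live in the
      // model or in whatever renders the username later.
      //
      // Fix: the inner promise is RETURNED so it joins the outer chain. The
      // original left it floating, so a rejected update() became an unhandled
      // rejection and the request never got a response.
      return user.update({ username: req.body.username }).then(newuser => {
        newuser = utils.queryResultToJson(newuser)
        // Re-issue the session token for the updated user, register it in
        // the session cache and send it back as a cookie. The old token is not
        // removed from `authenticatedUsers` here; whether it stays usable
        // depends on that helper -- verify if single-session is required.
        // The cookie is set without httpOnly/secure/sameSite options; this
        // presumably matches the rest of the app (the frontend likely reads
        // it) -- confirm before tightening.
        const updatedToken = security.authorize(newuser)
        security.authenticatedUsers.put(updatedToken, newuser)
        res.cookie('token', updatedToken)
        // res.redirect already sets Location; the explicit call is kept for
        // parity with the original behaviour.
        res.location(process.env.BASE_PATH + '/profile')
        res.redirect(process.env.BASE_PATH + '/profile')
      })
    }).catch(error => {
      next(error)
    })
  }
}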