diff --git a/client/src/components/account.top.jsx b/client/src/components/account.top.jsx
index b2500d62..eb4acec0 100644
--- a/client/src/components/account.top.jsx
+++ b/client/src/components/account.top.jsx
@@ -19,8 +19,8 @@ const addState = connect(
} = state;
- function sendSetPassword(current, password) {
- postData('/account/password', { current, password })
+ function sendSetPassword(password) {
+ postData('/account/password', { password })
.then(res => res.json())
.then(data => {
if (data.error) return errorToast(data.error);
@@ -74,7 +74,7 @@ class AccountStatus extends Component {
super(props);
this.state = {
- passwordState: { current: '', password: '', confirm: ''},
+ passwordState: { password: '', confirm: ''},
emailState: null,
unsubState: false,
};
@@ -105,8 +105,8 @@ class AccountStatus extends Component {
passwordState.password === passwordState.confirm;
const setPasswordDisabled = () => {
- const { current, password, confirm } = passwordState;
- return !(passwordsEqual() && password && current && confirm);
+ const { password, confirm } = passwordState;
+ return !(passwordsEqual() && password && confirm);
}
const tlClick = e => {
@@ -173,15 +173,7 @@ class AccountStatus extends Component {
Password
-
-
+
diff --git a/server/src/account.rs b/server/src/account.rs
index 08d1ca74..f180cf70 100644
--- a/server/src/account.rs
+++ b/server/src/account.rs
@@ -213,42 +213,42 @@ pub fn new_img(tx: &mut Transaction, id: Uuid) -> Result {
Account::try_from(row)
}
-pub fn set_password(tx: &mut Transaction, id: Uuid, current: &String, password: &String) -> Result {
+pub fn set_password(tx: &mut Transaction, id: Uuid, password: &String) -> Result {
if password.len() < PASSWORD_MIN_LEN || password.len() > 100 {
return Err(MnmlHttpError::PasswordUnacceptable);
}
- let query = "
- SELECT id, password
- FROM accounts
- WHERE id = $1
- ";
+ // let query = "
+ // SELECT id, password
+ // FROM accounts
+ // WHERE id = $1
+ // ";
- let result = tx
- .query(query, &[&id])?;
+ // let result = tx
+ // .query(query, &[&id])?;
- let row = match result.iter().next() {
- Some(row) => row,
- None => {
- let mut rng = thread_rng();
- let garbage: String = iter::repeat(())
- .map(|()| rng.sample(Alphanumeric))
- .take(64)
- .collect();
+ // let row = match result.iter().next() {
+ // Some(row) => row,
+ // None => {
+ // let mut rng = thread_rng();
+ // let garbage: String = iter::repeat(())
+ // .map(|()| rng.sample(Alphanumeric))
+ // .take(64)
+ // .collect();
- // verify garbage to prevent timing attacks
- verify(garbage.clone(), &garbage).ok();
- return Err(MnmlHttpError::AccountNotFound);
- },
- };
+ // // verify garbage to prevent timing attacks
+ // verify(garbage.clone(), &garbage).ok();
+ // return Err(MnmlHttpError::AccountNotFound);
+ // },
+ // };
- let id: Uuid = row.get(0);
- let db_pw: String = row.get(1);
+ // let id: Uuid = row.get(0);
+ // let db_pw: String = row.get(1);
- // return bad request to prevent being logged out
- if !verify(current, &db_pw)? {
- return Err(MnmlHttpError::BadRequest);
- }
+ // // return bad request to prevent being logged out
+ // if !verify(current, &db_pw)? {
+ // return Err(MnmlHttpError::BadRequest);
+ // }
let password = hash(&password, PASSWORD_ROUNDS)?;
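Review bot: With the `verify(current, &db_pw)?` check commented out, `set_password` now accepts a new password from any authenticated session, so a stolen or unattended session can be turned into a lasting account takeover with the owner locked out. If the aim is to let a user who signed in through a recovery link set a password (a guess based on the mail text in this commit), the skip should be limited to that case and decided server-side, with the current-password check kept for ordinary sessions. The disabled block, including the dummy `verify(garbage.clone(), &garbage)` call, should be deleted rather than left commented out, as should `// current: String,` in `SetPassword` in http.rs; version control keeps the history. The function body continues past the end of this hunk.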
diff --git a/server/src/http.rs b/server/src/http.rs
index 88e7b51b..34b3b994 100644
--- a/server/src/http.rs
+++ b/server/src/http.rs
@@ -369,7 +369,7 @@ fn recover(req: &mut Request) -> IronResult {
#[derive(Debug,Clone,Deserialize)]
struct SetPassword {
- current: String,
+ // current: String,
password: String,
}
@@ -385,7 +385,7 @@ fn set_password(req: &mut Request) -> IronResult {
let db = state.pool.get().or(Err(MnmlHttpError::DbError))?;
let mut tx = db.transaction().or(Err(MnmlHttpError::DbError))?;
- let token = account::set_password(&mut tx, a.id, ¶ms.current, ¶ms.password)?;
+ let token = account::set_password(&mut tx, a.id, ¶ms.password)?;
tx.commit().or(Err(MnmlHttpError::ServerError))?;
diff --git a/server/src/mail.rs b/server/src/mail.rs
index d5083021..8f3b351f 100644
--- a/server/src/mail.rs
+++ b/server/src/mail.rs
@@ -42,10 +42,10 @@ pub enum Mail {
fn recover(email: &String, name: &String, token: &String) -> SendableEmail {
let body = format!("{:},
the link below will recover your account.
-please change your password immediately in the account page.
-this link will expire in 48 hours or once used.
+please change your password immediately in the account page
+as this link will expire in 48 hours or once used.
-http://mnml.gg/api/account/recover?recover_token={:}
+https://mnml.gg/api/account/recover?recover_token={:}
glhf
--mnml", name, token);
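Review bot: The recover URL carries the single-use token in the query string of a GET link, so if the handler (not shown here) redeems the token on the first GET, a mail gateway or client that prefetches links could use it up before the user clicks, and the token will also land in access logs. Consider having the GET only render a confirmation step and redeeming the token on a following POST. Separately, the origin `https://mnml.gg` is written out in both the recover and confirm bodies, which is why the scheme had to be fixed twice; a shared constant such as `const BASE_URL: &str = "https://mnml.gg";` would keep them in step. The `recover` function continues outside this hunk.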
@@ -63,7 +63,7 @@ glhf
fn confirm(email: &String, name: &String, token: &String) -> SendableEmail {
let confirm_body = format!("{:},
please click the link below to confirm your email
-http://mnml.gg/api/account/email/confirm?confirm_token={:}
+https://mnml.gg/api/account/email/confirm?confirm_token={:}
glhf
--mnml", name, token);