mirror of
				https://github.com/SillyTavern/SillyTavern.git
				synced 2025-06-05 21:59:27 +02:00 
			
		
		
		
	Ask for password before resetting settings
This commit is contained in:
		| @@ -263,4 +263,13 @@ function configureDiscreetLogin() { | ||||
|     } | ||||
|     document.getElementById('shadow_popup').style.opacity = ''; | ||||
|     $('#cancelRecovery').on('click', onCancelRecoveryClick); | ||||
|     $(document).on('keydown', (evt) => { | ||||
|         if (evt.key === 'Enter' && document.activeElement.tagName === 'INPUT') { | ||||
|             if ($('#passwordRecoveryBlock').is(':visible')) { | ||||
|                 $('#sendRecovery').trigger('click'); | ||||
|             } else { | ||||
|                 $('#loginButton').trigger('click'); | ||||
|             } | ||||
|         } | ||||
|     }); | ||||
| })(); | ||||
|   | ||||
| @@ -5,4 +5,9 @@ | ||||
|     <div data-i18n="Don't forget to save a snapshot of your settings before proceeding."> | ||||
|         Don't forget to save a snapshot of your settings before proceeding. | ||||
|     </div> | ||||
|     <hr> | ||||
|     <div> | ||||
|         Enter your password below to confirm: | ||||
|     </div> | ||||
|     <input id="resetSettingsPassword" name="password" type="password" class="text_pole" placeholder="Password"> | ||||
| </div> | ||||
|   | ||||
| @@ -364,7 +364,11 @@ async function deleteUser(handle, callback) { | ||||
|  */ | ||||
| async function resetSettings(handle, callback) { | ||||
|     try { | ||||
|         let password = ''; | ||||
|         const template = $(renderTemplate('resetSettings')); | ||||
|         template.find('input[name="password"]').on('input', function () { | ||||
|             password = String($(this).val()); | ||||
|         }); | ||||
|         const result = await callGenericPopup(template, POPUP_TYPE.CONFIRM, '', { okButton: 'Reset', cancelButton: 'Cancel', wide: false, large: false }); | ||||
|  | ||||
|         if (result !== POPUP_RESULT.AFFIRMATIVE) { | ||||
| @@ -374,7 +378,7 @@ async function resetSettings(handle, callback) { | ||||
|         const response = await fetch('/api/users/reset-settings', { | ||||
|             method: 'POST', | ||||
|             headers: getRequestHeaders(), | ||||
|             body: JSON.stringify({ handle }), | ||||
|             body: JSON.stringify({ handle, password }), | ||||
|         }); | ||||
|  | ||||
|         if (!response.ok) { | ||||
|   | ||||
| @@ -157,7 +157,7 @@ router.post('/create', requireAdminMiddleware, jsonParser, async (request, respo | ||||
|         } | ||||
|  | ||||
|         const handles = await getAllUserHandles(); | ||||
|         const handle = slugify(request.body.handle, { lower: true, trim: true, remove: /[^a-z0-9-]/g }); | ||||
|         const handle = slugify(String(request.body.handle).toLowerCase(), { lower: true, trim: true, remove: /[^a-z0-9-]/g }); | ||||
|  | ||||
|         if (!handle) { | ||||
|             console.log('Create user failed: Invalid handle'); | ||||
|   | ||||
| @@ -117,6 +117,13 @@ router.post('/backup', jsonParser, async (request, response) => { | ||||
|  | ||||
| router.post('/reset-settings', jsonParser, async (request, response) => { | ||||
|     try { | ||||
|         const password = request.body.password; | ||||
|  | ||||
|         if (request.user.profile.password && request.user.profile.password !== getPasswordHash(password, request.user.profile.salt)) { | ||||
|             console.log('Reset settings failed: Incorrect password'); | ||||
|             return response.status(401).json({ error: 'Incorrect password' }); | ||||
|         } | ||||
|  | ||||
|         const pathToFile = path.join(request.user.directories.root, SETTINGS_FILE); | ||||
|         await fsPromises.rm(pathToFile, { force: true }); | ||||
|         await contentManager.checkForNewContent([request.user.directories], [contentManager.CONTENT_TYPES.SETTINGS]); | ||||
|   | ||||
		Reference in New Issue
	
	Block a user