core&ui: allow SU edit user profile & security (#561) (#562)

1 year ago · 4cb5444f3b
parent 82460cf8e9
commit 4cb5444f3b
5 changed files with 22 additions and 9 deletions
--- a/packages/hydrooj/src/handler/home.ts
+++ b/packages/hydrooj/src/handler/home.ts
@ -166,6 +166,7 @@ class HomeSecurityHandler extends Handler {
        }
        this.response.template = 'home_security.html';
        this.response.body = {
+            sudoUid: this.session.sudoUid || null,
            sessions,
            authenticators: this.user._authenticators.map((c) => pick(c, [
                'credentialID', 'name', 'credentialType', 'credentialDeviceType',
@ -180,9 +181,13 @@ class HomeSecurityHandler extends Handler {
    @param('current', Types.String)
    @param('password', Types.Password)
    @param('verifyPassword', Types.Password)
-    async postChangePassword(_: string, current: string, password: string, verify: string) {
+    async postChangePassword(domainId: string, current: string, password: string, verify: string) {
        if (password !== verify) throw new VerifyPasswordError();
-        this.user.checkPassword(current);
+        if (this.session.sudoUid) {
+            const udoc = await user.getById(domainId, this.session.sudoUid);
+            if (!udoc) throw new UserNotFoundError(this.session.sudoUid);
+            udoc.checkPassword(current);
+        } else this.user.checkPassword(current);
        await user.setPassword(this.user._id, password);
        await token.delByUid(this.user._id);
        this.response.redirect = this.url('user_login');
@ -194,7 +199,11 @@ class HomeSecurityHandler extends Handler {
    async postChangeMail(domainId: string, current: string, email: string) {
        const mailDomain = email.split('@')[1];
        if (await BlackListModel.get(`mail::${mailDomain}`)) throw new BlacklistedError(mailDomain);
-        this.user.checkPassword(current);
+        if (this.session.sudoUid) {
+            const udoc = await user.getById(domainId, this.session.sudoUid);
+            if (!udoc) throw new UserNotFoundError(this.session.sudoUid);
+            udoc.checkPassword(current);
+        } else this.user.checkPassword(current);
        const udoc = await user.getByEmail(domainId, email);
        if (udoc) throw new UserAlreadyExistError(email);
        await this.limitRate('send_mail', 3600, 30);
--- a/packages/hydrooj/src/handler/misc.ts
+++ b/packages/hydrooj/src/handler/misc.ts
@ -12,7 +12,7 @@ import storage from '../model/storage';
 import * as system from '../model/system';
 import user from '../model/user';
 import {
-    Handler, param, post, Types,
+    Handler, param, post, requireSudo, Types,
 } from '../service/server';
 import { encodeRFC5987ValueChars } from '../service/storage';
 import { builtinConfig } from '../settings';
@ -122,8 +122,10 @@ export class StorageHandler extends Handler {
 }

 export class SwitchAccountHandler extends Handler {
+    @requireSudo
    @param('uid', Types.Int)
    async get(domainId: string, uid: number) {
+        this.session.sudoUid = this.user._id;
        this.session.uid = uid;
        this.back();
    }
@ -134,5 +136,5 @@ export async function apply(ctx) {
    ctx.Route('home_files', '/file', FilesHandler);
    ctx.Route('fs_download', '/file/:uid/:filename', FSDownloadHandler);
    ctx.Route('storage', '/storage', StorageHandler);
-    ctx.Route('switch_account', '/account', SwitchAccountHandler, PRIV.PRIV_EDIT_SYSTEM);
+    ctx.Route('switch_account', '/account/:uid', SwitchAccountHandler, PRIV.PRIV_EDIT_SYSTEM);
 }
--- a/packages/ui-default/components/navigation/navigation.page.js
+++ b/packages/ui-default/components/navigation/navigation.page.js
@ -18,8 +18,9 @@ async function handlerSwitchAccount(ev) {
  const target = await selectUser('Hint::icon::switch_account');
  if (!target) return;
  try {
-    await request.get('/account', { uid: target._id });
-    window.location.reload();
+    const res = await request.get(`/account/${target._id}`);
+    if (res.url) window.location.href = res.url;
+    else window.location.reload();
  } catch (error) {
    Notification.error(error.message);
  }
--- a/packages/ui-default/locales/zh.yaml
+++ b/packages/ui-default/locales/zh.yaml
@ -832,6 +832,7 @@ Submitted: 已递交
 Subtask {0}: 子任务 {0}
 Subtasks: 子任务
 SuperUser: 超级管理员
+SuperUser's Password: 超级管理员的密码
 Support: 支持
 Switch account: 切换账户
 Tags: 标签
--- a/packages/ui-default/templates/home_security.html
+++ b/packages/ui-default/templates/home_security.html
@ -20,7 +20,7 @@
        <form method="post">
          {{ form.form_text({
               type:'password',
-               label:'Current Password',
+               label:"SuperUser's Password" if sudoUid else 'Current Password',
               columns:10,
               name:'password',
               required:true
@ -57,7 +57,7 @@
        <form method="post">
          {{ form.form_text({
               type:'password',
-               label:'Current Password',
+               label:"SuperUser's Password" if sudoUid else 'Current Password',
               columns:10,
               name:'current',
               required:true