6 лет назад · 825131c65a
--- a/src/client/js/components/Me/PasswordSettings.jsx
+++ b/src/client/js/components/Me/PasswordSettings.jsx
@@ -20,21 +20,28 @@ class PasswordSettings extends React.Component {
 
				 
			
 
				     this.state = {
			
 
				       retrieveError: null,
			
 
				+      password: '',
			
 
				       oldPassword: '',
			
 
				       newPassword: '',
			
 
				       newPasswordConfirm: '',
			
 
				     };
			
 
				 
			
 
				-    this.retrievePassword();
			
 
				-
			
 
				     this.retrievePassword = this.retrievePassword.bind(this);
			
 
				     this.onClickSubmit = this.onClickSubmit.bind(this);
			
 
				     this.onChangeOldPassword = this.onChangeOldPassword.bind(this);
			
 
				   }
			
 
				 
			
 
				+  componentDidMount() {
			
 
				+    this.retrievePassword();
			
 
				+  }
			
 
				+
			
 
				   async retrievePassword() {
			
 
				+    const { appContainer } = this.props;
			
 
				+
			
 
				     try {
			
 
				-    // TODO GW-1136 create apiV3 for updating password
			
 
				+      const res = await appContainer.apiv3Get('/personal-setting/password');
			
 
				+      const { password } = res.data;
			
 
				+      this.setState({ password });
			
 
				     }
			
 
				     catch (err) {
			
 
				       this.setState({ retrieveError: err });
			
@@ -80,18 +87,18 @@ class PasswordSettings extends React.Component {
 
				         </div>
			
 
				         {(this.state.password != null)
			
 
				         && (
			
 
				-        <div className="row mb-3">
			
 
				-          <label htmlFor="oldPassword" className="col-xs-3 text-right">{ t('personal_settings.current_password') }</label>
			
 
				-          <div className="col-xs-6">
			
 
				-            <input
			
 
				-              className="form-control"
			
 
				-              type="password"
			
 
				-              name="oldPassword"
			
 
				-              value={this.state.oldPassword}
			
 
				-              onChange={(e) => { this.onChangeOldPassword(e.target.value) }}
			
 
				-            />
			
 
				+          <div className="row mb-3">
			
 
				+            <label htmlFor="oldPassword" className="col-xs-3 text-right">{ t('personal_settings.current_password') }</label>
			
 
				+            <div className="col-xs-6">
			
 
				+              <input
			
 
				+                className="form-control"
			
 
				+                type="password"
			
 
				+                name="oldPassword"
			
 
				+                value={this.state.oldPassword}
			
 
				+                onChange={(e) => { this.onChangeOldPassword(e.target.value) }}
			
 
				+              />
			
 
				+            </div>
			
 
				           </div>
			
 
				-        </div>
			
 
				         )}
			
 
				         <div className="row mb-3">
			
 
				           <label htmlFor="newPassword" className="col-xs-3 text-right">{t('personal_settings.new_password') }</label>
			
--- a/src/server/routes/apiv3/personal-setting.js
+++ b/src/server/routes/apiv3/personal-setting.js
@@ -35,6 +35,7 @@ const ErrorV3 = require('../../models/vo/error-apiv3');
 
				  *            type: boolean
			
 
				  */
			
 
				 module.exports = (crowi) => {
			
 
				+  const accessTokenParser = require('../../middleware/access-token-parser')(crowi);
			
 
				   const loginRequiredStrictly = require('../../middleware/login-required')(crowi);
			
 
				   const csrf = require('../../middleware/csrf')(crowi);
			
 
				 
			
@@ -72,7 +73,7 @@ module.exports = (crowi) => {
 
				    *                      type: object
			
 
				    *                      description: personal params
			
 
				    */
			
 
				-  router.get('/', loginRequiredStrictly, async(req, res) => {
			
 
				+  router.get('/', accessTokenParser, loginRequiredStrictly, async(req, res) => {
			
 
				     const currentUser = await User.findUserByUsername(req.user.username);
			
 
				     return res.apiv3({ currentUser });
			
 
				   });
			
@@ -103,7 +104,7 @@ module.exports = (crowi) => {
 
				    *                      type: object
			
 
				    *                      description: personal params
			
 
				    */
			
 
				-  router.put('/', loginRequiredStrictly, csrf, validator.personal, ApiV3FormValidator, async(req, res) => {
			
 
				+  router.put('/', accessTokenParser, loginRequiredStrictly, csrf, validator.personal, ApiV3FormValidator, async(req, res) => {
			
 
				 
			
 
				     try {
			
 
				       const user = await User.findOne({ _id: req.user.id });
			
@@ -143,7 +144,7 @@ module.exports = (crowi) => {
 
				    *                      type: object
			
 
				    *                      description: array of external accounts
			
 
				    */
			
 
				-  router.get('/external-accounts', loginRequiredStrictly, async(req, res) => {
			
 
				+  router.get('/external-accounts', accessTokenParser, loginRequiredStrictly, async(req, res) => {
			
 
				     const userData = req.user;
			
 
				 
			
 
				     try {
			
@@ -157,5 +158,20 @@ module.exports = (crowi) => {
 
				 
			
 
				   });
			
 
				 
			
 
				+  // TODO swagger
			
 
				+  router.get('/password', accessTokenParser, loginRequiredStrictly, async(req, res) => {
			
 
				+
			
 
				+    try {
			
 
				+      const user = await User.findOne({ _id: req.user.id });
			
 
				+      const { password } = user;
			
 
				+      return res.apiv3({ password });
			
 
				+    }
			
 
				+    catch (err) {
			
 
				+      logger.error(err);
			
 
				+      return res.apiv3Err('get-accounts-password');
			
 
				+    }
			
 
				+  });
			
 
				+
			
 
				+
			
 
				   return router;
			
 
				 };