修改密码

@@ -382,10 +382,18 @@ const validate2 = (req, res, next) => {
         let uid = req.user.uid;
         let body = req.body;
 
+        if (!req.session.safeAccount) {
+            return res.send({
+                code: 400,
+                message: '修改失败，请重新验证身份'
+            });
+        }
+
         if (type === 'password') {
             let a = yield accountModel.changePwd(uid, body.password);
 
             if (a.code === 200) {
+                req.session.safeAccount = false;
                 cookieHelper.setVal(res, body.type + '_STEP', 2);
                 res.send(a);
             }
@@ -401,6 +409,7 @@ const validate2 = (req, res, next) => {
 
                     cookieHelper.setVal(res, body.type + '_STEP', 2);
                     if (c.code === 200) {
+                        req.session.safeAccount = false;
                         res.send({
                             code: 200,
                             data: {}

@@ -218,9 +218,6 @@ const bindCheck = (req, res, next) => {
             } else if (result.code === 200 && result.data.is_register === 1) {
                 return UserService.getUserInfoAsync(area, mobile).then(user => {
                     // 绑定流程：code=201 已注册 绑定过其他第三方
-                    req.session.thirdBind = {
-                        mobile: mobile
-                    };
                     return { code: 201, message: result.message, data: { user: user } };
                 });
             } else if (result.code === 200 && result.data.is_register === 3) {
@@ -253,6 +250,9 @@ const sendBindMsg = (req, res, next) => {
 
     BindService.sendBindMsgAsync(area, mobile).then(result => {
         if (result && result.code) {
+            req.session.thirdBind = {
+                mobile: mobile
+            };
             res.json(result);
         } else {
             res.json({ code: 400, message: '', data: '' });