Authored by shijian

漏洞修复

... ... @@ -166,6 +166,7 @@ const bindMobile = (req, res, next) => {
settingModel.getUserInfo(uid).then(result => {
if (result.info.verify_mobile !== '') {
req.session.modify_phone = {mobile: result.info.verify_mobile};
return mcHandler.getMeThumb().then((thumb) => {
let info = result.info;
... ... @@ -205,6 +206,7 @@ const bindEmail = (req, res, next) => {
settingModel.getUserInfo(uid).then(result => {
if (result.info.verify_email !== '') {
req.session.modify_email = {email: result.info.verify_email};
let info = result.info;
info.ellipsisEmail = info.verify_email.replace(regEmail, '$1****');
... ... @@ -357,8 +359,14 @@ const validate1 = (req, res, next) => {
if (type === 'password') {
a = yield accountModel.verifyPwd(uid, body.password);
} else if (type === 'mobile') {
if (req.session.modify_phone.mobile !== body.mobile) {
return res.send({code: 400});
}
a = yield accountModel.checkVerifyMsg(body.code, body.mobile, body.area);
} else if (type === 'email') {
if (req.session.modify_email.email !== body.email) {
return res.send({code: 400});
}
a = yield accountModel.sendVerifyEmail(uid, body.email);
}
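Review bot: The new guards in the mobile and email branches of validate1 dereference `req.session.modify_phone.mobile` and `req.session.modify_email.email` without first checking that the session object exists, so a POST to validate1 that never passed through bindMobile/bindEmail (or arrives after the session has expired) throws a TypeError instead of returning the 400 the check intends. Fail closed explicitly: `if (!req.session.modify_phone || req.session.modify_phone.mobile !== body.mobile) {` and the same shape for the email branch, `if (!req.session.modify_email || req.session.modify_email.email !== body.email) {`. The values stored by the bindMobile and bindEmail hunks above are not cleared anywhere in the visible code, so consider resetting them once verification completes, unless that happens in code outside these hunks. validate1's body starts and ends outside the hunk.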
... ...
... ... @@ -247,8 +247,9 @@ const bindCheck = (req, res, next) => {
const sendBindMsg = (req, res, next) => {
let mobile = req.body.mobile;
let area = req.body.area;
let verifyCode = req.body.verifyCode;
if (req.session.autouserinfoMobile && req.session.autouserinfoMobile !== mobile) {
if (req.session.autouserinfoMobile && req.session.autouserinfoMobile !== mobile || verifyCode !== req.session.captcha) {//eslint-disable-line
req.session.autouserinfoMobile = '';
req.session.captcha = '';
return res.json({
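Review bot: The added captcha check in sendBindMsg, `verifyCode !== req.session.captcha`, passes when both sides are undefined — a request that omits verifyCode against a session that never generated a captcha compares `undefined !== undefined`, falls through to the send, and so skips the protection the captcha is meant to add. Require both values to be present before comparing: `if (!verifyCode || !req.session.captcha || verifyCode !== req.session.captcha || (req.session.autouserinfoMobile && req.session.autouserinfoMobile !== mobile)) {`. Parenthesizing the `&&` term also makes the intended `(A && B) || C` grouping explicit rather than relying on operator precedence behind an eslint-disable comment. The captcha is cleared on the failure path here; it should also be consumed after a successful send so one solved captcha cannot be reused for many messages, unless that already happens later in sendBindMsg, whose body continues past this hunk. In the relateMobile hunk below, the new `thirdBind.mobile === mobile` guard leaves `areaCode` unchecked from the body; if thirdBind also records the area, compare it as well.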
... ... @@ -330,25 +331,30 @@ const relateMobile = (req, res, next) => {
let areaCode = req.body.areaCode || '86';
let sourceType = req.body.sourceType;
BindService.relateMobileAsync(openId, sourceType, mobile, areaCode).then(result => {
if (result && result.code) {
if (result.code === 200 && result.data && result.data.uid) {
let refer = helpers.urlFormat('/passport/thirdlogin/relatesuccess', {
sourceType: sourceType + '_bind'
});
if (req.session.thirdBind && req.session.thirdBind.mobile === mobile) {
BindService.relateMobileAsync(openId, sourceType, mobile, areaCode).then(result => {
if (result && result.code) {
if (result.code === 200 && result.data && result.data.uid) {
let refer = helpers.urlFormat('/passport/thirdlogin/relatesuccess', {
sourceType: sourceType + '_bind'
});
return LoginService.syncUserSession(result.data.uid, req, res).then(() => {
return { code: 200, message: result.message, data: { refer: refer } };
});
return LoginService.syncUserSession(result.data.uid, req, res).then(() => {
req.session.thirdBind = '';
return { code: 200, message: result.message, data: { refer: refer } };
});
} else {
return { code: result.code, message: result.message, data: { refer: '' } };
}
} else {
return { code: result.code, message: result.message, data: { refer: '' } };
return { code: 400, message: '', data: '' };
}
} else {
return { code: 400, message: '', data: '' };
}
}).then(result => {
res.json(result);
}).catch(next);
}).then(result => {
res.json(result);
}).catch(next);
} else {
res.json({ code: 400, message: '', data: '' });
}
};
module.exports = {
... ...
... ... @@ -76,7 +76,8 @@ function sendSMSCaptcha() {
url: '/passport/autouserinfo/sendBindMsg',
data: {
mobile: $phoneNumInput.val(),
area: $regionCodeText.text().replace('+', '')
area: $regionCodeText.text().replace('+', ''),
verifyCode: $imgCaptchaInput.val()
}
}).then(function(ret) {
if (ret && ret.code === 400) {
... ...