Resolve #2623

src/server/api/endpoints/i/change_password.ts

@@ -1,23 +1,30 @@
 import $ from 'cafy';
 import * as bcrypt from 'bcryptjs';
 import User, { ILocalUser } from '../../../../models/user';
+import getParams from '../../get-params';
 
 export const meta = {
 	requireCredential: true,
-	secure: true
+
+	secure: true,
+
+	params: {
+		currentPassword: {
+			validator: $.str
+		},
+
+		newPassword: {
+			validator: $.str
+		}
+	}
 };
 
 export default async (params: any, user: ILocalUser) => new Promise(async (res, rej) => {
-	// Get 'currentPasword' parameter
-	const [currentPassword, currentPasswordErr] = $.str.get(params.currentPasword);
-	if (currentPasswordErr) return rej('invalid currentPasword param');
-
-	// Get 'newPassword' parameter
-	const [newPassword, newPasswordErr] = $.str.get(params.newPassword);
-	if (newPasswordErr) return rej('invalid newPassword param');
+	const [ps, psErr] = getParams(meta, params);
+	if (psErr) return rej(psErr);
 
 	// Compare password
-	const same = await bcrypt.compare(currentPassword, user.password);
+	const same = await bcrypt.compare(ps.currentPassword, user.password);
 
 	if (!same) {
 		return rej('incorrect password');
@@ -25,7 +32,7 @@ export default async (params: any, user: ILocalUser) => new Promise(async (res,
 
 	// Generate hash of password
 	const salt = await bcrypt.genSalt(8);
-	const hash = await bcrypt.hash(newPassword, salt);
+	const hash = await bcrypt.hash(ps.newPassword, salt);
 
 	await User.update(user._id, {
 		$set: {