Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
if (!user.services.phone || !user.services.phone.verify || !user.services.phone.verify.code ||
(user.services.phone.verify.code != code && !isMasterCode(code))) {
throw new Meteor.Error(403, "accounts_phone_code_invalid");
}
var setOptions = {
'phone.verified': true,
'phone.modified': new Date()
},
unSetOptions = {
'services.phone.verify': 1
};
if(userId){
// 当用户验证绑定自己的手机号时,把手机号一起改掉,就不用再单独调用修改手机号的接口了
setOptions['phone.number'] = phone;
setOptions['phone.mobile'] = mobile;
}
var resetToOldToken;
// If needs to update password
if (newPassword) {
check(newPassword, passwordValidator);
var hashed = hashPassword(newPassword);
// NOTE: We're about to invalidate tokens on the user, who we might be
// logged in as. Make sure to avoid logging ourselves out if this
// happens. But also make sure not to leave the connection in a state
// of having a bad token set if things fail.
var oldToken = Accounts._getLoginToken(self.connection.id);
Accounts._setLoginToken(user._id, self.connection, null);
resetToOldToken = function() {
Accounts._setLoginToken(user._id, self.connection, oldToken);
if (!user.services.phone || !user.services.phone.verify || !user.services.phone.verify.code || user.services.phone.verify.code != code && !isMasterCode(code)) {
throw new Meteor.Error(403, "accounts_phone_code_invalid");
}
var setOptions = {
'phone.verified': true,
'phone.modified': new Date()
},
unSetOptions = {
'services.phone.verify': 1
};
if (userId) {
// 当用户验证绑定自己的手机号时,把手机号一起改掉,就不用再单独调用修改手机号的接口了
setOptions['phone.number'] = phone;
setOptions['phone.mobile'] = mobile;
}
var resetToOldToken; // If needs to update password
if (newPassword) {
check(newPassword, passwordValidator);
var hashed = hashPassword(newPassword); // NOTE: We're about to invalidate tokens on the user, who we might be
// logged in as. Make sure to avoid logging ourselves out if this
// happens. But also make sure not to leave the connection in a state
// of having a bad token set if things fail.
var oldToken = Accounts._getLoginToken(self.connection.id);
Accounts._setLoginToken(user._id, self.connection, null);
db.users.validatePhone = function (userId, doc, modifier) {
modifier.$set = modifier.$set || {};
if (doc._id !== userId && modifier.$set["phone.number"]) {
if (doc["phone.verified"] === true && doc["phone.number"] !== modifier.$set["phone.number"]) {
throw new Meteor.Error(400, "用户已验证手机,不能修改");
}
}
};
db.users.before.insert(function (userId, doc) {