From 049ae73d74321b8688518dbbc29cb69f0faefab8 Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Fri, 29 Apr 2022 18:38:13 -0500
Subject: [PATCH] Update:Guest user accounts cannot change the account password
 #537

---
 client/pages/account.vue           | 7 +++++--
 server/controllers/MeController.js | 4 ++++
 server/objects/user/User.js        | 3 +++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/client/pages/account.vue b/client/pages/account.vue
index 4ce7d1bb..88c294c1 100644
--- a/client/pages/account.vue
+++ b/client/pages/account.vue
@@ -15,8 +15,8 @@
 
         <div class="w-full h-px bg-primary my-4" />
 
-        <p class="mb-4 text-lg">Change Password</p>
-        <form @submit.prevent="submitChangePassword">
+        <p v-if="!isGuest" class="mb-4 text-lg">Change Password</p>
+        <form v-if="!isGuest" @submit.prevent="submitChangePassword">
           <ui-text-input-with-label v-model="password" :disabled="changingPassword" type="password" label="Password" class="my-2" />
           <ui-text-input-with-label v-model="newPassword" :disabled="changingPassword" type="password" label="New Password" class="my-2" />
           <ui-text-input-with-label v-model="confirmPassword" :disabled="changingPassword" type="password" label="Confirm Password" class="my-2" />
@@ -60,6 +60,9 @@ export default {
     },
     isRoot() {
       return this.usertype === 'root'
+    },
+    isGuest() {
+      return this.usertype === 'guest'
     }
   },
   methods: {
diff --git a/server/controllers/MeController.js b/server/controllers/MeController.js
index dd91e59a..00a04a04 100644
--- a/server/controllers/MeController.js
+++ b/server/controllers/MeController.js
@@ -133,6 +133,10 @@ class MeController {
 
   // PATCH: api/me/password
   updatePassword(req, res) {
+    if (req.user.isGuest) {
+      Logger.error(`[MeController] Guest user attempted to change password`, req.user.username)
+      return res.sendStatus(500)
+    }
     this.auth.userChangePassword(req, res)
   }
 
diff --git a/server/objects/user/User.js b/server/objects/user/User.js
index 974ce097..14898554 100644
--- a/server/objects/user/User.js
+++ b/server/objects/user/User.js
@@ -33,6 +33,9 @@ class User {
   get isAdmin() {
     return this.type === 'admin'
   }
+  get isGuest() {
+    return this.type === 'guest'
+  }
   get isAdminOrUp() {
     return this.isAdmin || this.isRoot
   }