diff --git a/client/src/app/admin/panel/settings/admin-panel-advanced-settings.js b/client/src/app/admin/panel/settings/admin-panel-advanced-settings.js
index ea1dc05f..e657bba8 100644
--- a/client/src/app/admin/panel/settings/admin-panel-advanced-settings.js
+++ b/client/src/app/admin/panel/settings/admin-panel-advanced-settings.js
@@ -321,8 +321,8 @@ class AdminPanelAdvancedSettings extends React.Component {
 path: '/system/csv-import',
 dataAsForm: true,
 data: {
- file: file,
- password: password
+ file,
+ password
 }
 })
 .then((result) => this.setState({
@@ -338,7 +338,14 @@ class AdminPanelAdvancedSettings extends React.Component {
 ) : null
 }))
- .catch(() => this.setState({messageType: 'error', showMessage: true, messageTitle: null, messageContent: i18n('INVALID_FILE')}));
+ .catch((error) => {
+ this.setState({
+ messageType: 'error',
+ showMessage: true,
+ messageTitle: null,
+ messageContent: i18n(error.message)
+ })
+ });
 }
 onBackupDatabase() {
diff --git a/server/controllers/system/csv-import.php b/server/controllers/system/csv-import.php
index ffbe6564..ed353c09 100755
--- a/server/controllers/system/csv-import.php
+++ b/server/controllers/system/csv-import.php
@@ -15,6 +15,7 @@
 * @apiParam {String} file A csv file with this content format: email, password, name.
 *
 * @apiUse NO_PERMISSION
+ * @apiUse INVALID_PASSWORD
 * @apiUse INVALID_FILE
 *
 * @apiSuccess {String[]} data Array of errors found
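Review bot: In the new `.catch` handler of admin-panel-advanced-settings.js (second hunk), `i18n(error.message)` uses whatever message the rejection carries as a translation key, so a rejection that did not come from the API (a network failure, or an error without a `message`) may render an empty or untranslated banner where the old code always showed INVALID_FILE. Restricting the key to the errors the UI is known to translate keeps the banner predictable, for example `messageContent: i18n(['INVALID_PASSWORD', 'INVALID_FILE'].includes(error.message) ? error.message : 'INVALID_FILE')`. The inner `this.setState({...})` call is also missing its terminating semicolon. The enclosing method starts above the hunk, so how the rejection object is produced is not visible here.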
@@ -28,11 +29,21 @@ class CSVImportController extends Controller {
 public function validations() {
 return [
 'permission' => 'staff_3',
- 'requestData' => []
+ 'requestData' => [],
+ 'password' => [
+ 'validation' => DataValidator::notBlank()->length(LengthConfig::MIN_LENGTH_PASSWORD, LengthConfig::MAX_LENGTH_PASSWORD),
+ 'error' => ERRORS::INVALID_PASSWORD
+ ]
 ];
 }
 public function handler() {
+ $password = Controller::request('password');
+
+ if(!Hashing::verifyPassword($password, Controller::getLoggedUser()->password)) {
+ throw new RequestException(ERRORS::INVALID_PASSWORD);
+ }
+
 $fileUploader = $this->uploadFile(true);
 if(!$fileUploader instanceof FileUploader) {
@@ -69,7 +80,6 @@ class CSVImportController extends Controller {
 fclose($file);
 unlink($fileUploader->getFullFilePath());
-
 Response::respondSuccess($errors);
 }
 }
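Review bot: In `validations()` of csv-import.php the new `'password'` rule is added as a sibling of `'requestData'` rather than inside it, and `'requestData'` stays an empty array. If the framework reads per-field rules only from `requestData` (the key name suggests so, though the validator is not visible here), the notBlank/length check never runs and the raw request value reaches `Hashing::verifyPassword` with no length bound. Nesting it as `'requestData' => [ 'password' => [ 'validation' => ..., 'error' => ERRORS::INVALID_PASSWORD ] ]` would make the rule apply. Separately, the failed-confirmation branch in `handler()` throws with no visible logging or throttling, so repeated wrong passwords on a staff session would go unrecorded unless that is handled elsewhere. `handler()` continues past the end of this hunk.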