feat: password changing

vycdev · Jul 13, 2020 · 4bd1c1b · 4bd1c1b
1 parent 903aa1e
commit 4bd1c1b
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 0 deletions.
diff --git a/packages/api/src/modules/users/actions/changePassword.ts b/packages/api/src/modules/users/actions/changePassword.ts
@@ -0,0 +1,20 @@
+import knex from "../../../../db/knex";
+import User from "../types/User";
+import bcrypt from "bcrypt";
+
+export default async (id: number, oldPassword: string, newPassword: string) => {
+    const user = await knex<User>("users")
+        .where({ id })
+        .first();
+    if (!user) {
+        return "No user exists";
+    }
+    const passMatches = await bcrypt.compare(oldPassword, user.password);
+    if (!passMatches) {
+        return "Password does not match";
+    }
+    const newEncrypted = await bcrypt.hash(newPassword, 12);
+    await knex<User>("users")
+        .update({ password: newEncrypted })
+        .where({ id });
+};
diff --git a/packages/api/src/modules/users/router.test.ts b/packages/api/src/modules/users/router.test.ts
@@ -43,6 +43,34 @@ describe("Users routes", async () => {
         );
     });
 
+    it("Changes the password of a user", async () => {
+        const response = await agent
+            .patch("/api/users/changePassword")
+            .send({
+                oldPassword: "WhatShouldITypeHere88@",
+                newPassword: "WhatShouldITypeHere99@"
+            })
+            .set("Accept", "application/json")
+            .expect("Content-Type", /json/)
+            .expect(200);
+
+        expect(response.body.message).to.equal("Successfully changed password");
+    });
+
+    it("Can't change if the password provided is wrong", async () => {
+        const response = await agent
+            .patch("/api/users/changePassword")
+            .send({
+                oldPassword: "WhatShouldITypeHere88@",
+                newPassword: "WhatShouldITypeHere44@"
+            })
+            .set("Accept", "application/json")
+            .expect("Content-Type", /json/)
+            .expect(400);
+
+        expect(response.body.message).to.equal("Password does not match");
+    });
+
     describe("Game stats", async () => {
         before(async () => {
             await agent

diff --git a/packages/api/src/modules/users/router.ts b/packages/api/src/modules/users/router.ts
@@ -12,6 +12,7 @@ import userGames from "./actions/userGames";
 import { registerBody } from "./schema/registerBody";
 import { UpdateCountry } from "./schema/updateCountry";
 import { RegisterBody } from "./types/RegisterBody";
+import changePassword from "./actions/changePassword";
 
 const router = new Router({ prefix: "/users" });
 
@@ -153,4 +154,21 @@ router.patch(
     }
 );
 
+router.patch("/changePassword", requireAuthenticated(), async (ctx, next) => {
+    const { user } = ctx.session!;
+
+    const { oldPassword, newPassword } = ctx.request.body;
+
+    const response = await changePassword(user, oldPassword, newPassword);
+
+    if (response) {
+        throw new HttpError(400, response);
+    }
+
+    ctx.status = 200;
+    ctx.body = { message: "Successfully changed password" };
+
+    await next();
+});
+
 export default router.routes();