From 4bd1c1b5ddfa5eef20972e8ea3088b318ae8d183 Mon Sep 17 00:00:00 2001 From: xWafl <73sampleperson@gmail.com> Date: Mon, 13 Jul 2020 08:57:02 -0400 Subject: [PATCH] feat: password changing --- .../modules/users/actions/changePassword.ts | 20 +++++++++++++ packages/api/src/modules/users/router.test.ts | 28 +++++++++++++++++++ packages/api/src/modules/users/router.ts | 18 ++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 packages/api/src/modules/users/actions/changePassword.ts diff --git a/packages/api/src/modules/users/actions/changePassword.ts b/packages/api/src/modules/users/actions/changePassword.ts new file mode 100644 index 0000000..047fb92 --- /dev/null +++ b/packages/api/src/modules/users/actions/changePassword.ts @@ -0,0 +1,20 @@ +import knex from "../../../../db/knex"; +import User from "../types/User"; +import bcrypt from "bcrypt"; + +export default async (id: number, oldPassword: string, newPassword: string) => { + const user = await knex("users") + .where({ id }) + .first(); + if (!user) { + return "No user exists"; + } + const passMatches = await bcrypt.compare(oldPassword, user.password); + if (!passMatches) { + return "Password does not match"; + } + const newEncrypted = await bcrypt.hash(newPassword, 12); + await knex("users") + .update({ password: newEncrypted }) + .where({ id }); +}; diff --git a/packages/api/src/modules/users/router.test.ts b/packages/api/src/modules/users/router.test.ts index 50e0a7d..314db45 100644 --- a/packages/api/src/modules/users/router.test.ts +++ b/packages/api/src/modules/users/router.test.ts @@ -43,6 +43,34 @@ describe("Users routes", async () => { ); }); + it("Changes the password of a user", async () => { + const response = await agent + .patch("/api/users/changePassword") + .send({ + oldPassword: "WhatShouldITypeHere88@", + newPassword: "WhatShouldITypeHere99@" + }) + .set("Accept", "application/json") + .expect("Content-Type", /json/) + .expect(200); + + expect(response.body.message).to.equal("Successfully changed password"); + }); + + it("Can't change if the password provided is wrong", async () => { + const response = await agent + .patch("/api/users/changePassword") + .send({ + oldPassword: "WhatShouldITypeHere88@", + newPassword: "WhatShouldITypeHere44@" + }) + .set("Accept", "application/json") + .expect("Content-Type", /json/) + .expect(400); + + expect(response.body.message).to.equal("Password does not match"); + }); + describe("Game stats", async () => { before(async () => { await agent diff --git a/packages/api/src/modules/users/router.ts b/packages/api/src/modules/users/router.ts index a60721c..d1e6e6f 100644 --- a/packages/api/src/modules/users/router.ts +++ b/packages/api/src/modules/users/router.ts @@ -12,6 +12,7 @@ import userGames from "./actions/userGames"; import { registerBody } from "./schema/registerBody"; import { UpdateCountry } from "./schema/updateCountry"; import { RegisterBody } from "./types/RegisterBody"; +import changePassword from "./actions/changePassword"; const router = new Router({ prefix: "/users" }); @@ -153,4 +154,21 @@ router.patch( } ); +router.patch("/changePassword", requireAuthenticated(), async (ctx, next) => { + const { user } = ctx.session!; + + const { oldPassword, newPassword } = ctx.request.body; + + const response = await changePassword(user, oldPassword, newPassword); + + if (response) { + throw new HttpError(400, response); + } + + ctx.status = 200; + ctx.body = { message: "Successfully changed password" }; + + await next(); +}); + export default router.routes();