diff --git a/packages/server/src/controllers/UserController/index.js b/packages/server/src/controllers/UserController/index.js
index 6e70cf37..9a679c42 100755
--- a/packages/server/src/controllers/UserController/index.js
+++ b/packages/server/src/controllers/UserController/index.js
@@ -1,9 +1,14 @@
 import { Controller } from "linebridge/dist/server"
 import passport from "passport"
-import { User, UserFollow } from "../../models"
-import { Token, Schematized, createUser } from "../../lib"
+import lodash from "lodash"
+
 import SessionController from "../SessionController"
-import _ from "lodash"
+
+import { User, UserFollow } from "../../models"
+import { Token, Schematized } from "../../lib"
+
+import createUser from "./methods/createUser"
+import updatePassword from "./methods/updatePassword"
 const AllowedPublicUpdateFields = [
 "fullName",
@@ -217,7 +222,7 @@ export default class UserController extends Controller {
 })
 }
- user = _.pick(user, AllowedAnonPublicGetters)
+ user = lodash.pick(user, AllowedAnonPublicGetters)
 return res.json(user)
 }
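Review bot: The rewritten import block at the top of UserController/index.js (hunk `@@ -1,9 +1,14 @@`) does not import `bcrypt`, although the `/self/update_password` handler added later in this commit calls `bcrypt.hash` and `bcrypt.compareSync`. Unless the name is brought into scope somewhere outside the visible lines, the handler will throw a ReferenceError on its first request. Add `import bcrypt from "bcrypt"` next to the `lodash` import.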
@@ -417,6 +422,39 @@ export default class UserController extends Controller {
 return res.json(result)
 }),
+ "/self/update_password": {
+ middlewares: ["withAuthentication"],
+ fn: Schematized({
+ required: ["currentPassword", "newPassword"],
+ select: ["currentPassword", "newPassword",]
+ }, async (req, res) => {
+ const user = await User.findById(req.user._id).select("+password")
+
+ if (!user) {
+ return res.status(404).json({ message: "User not found" })
+ }
+
+ const currentPasswordHash = await bcrypt.hash(req.selection.currentPassword, parseInt(process.env.BCRYPT_ROUNDS ?? 3))
+
+ const isPasswordValid = await bcrypt.compareSync(currentPasswordHash, user.password)
+
+ if (!isPasswordValid) {
+ return res.status(401).json({ message: "Invalid password" })
+ }
+
+ const result = await updatePassword({
+ user_id: req.user._id,
+ newPassword: req.selection.newPassword,
+ }).catch((error) => {
+ res.status(500).json({ message: error.message })
+ return null
+ })
+
+ if (result) {
+ return res.json(result)
+ }
+ })
+ },
 "/update_user": {
 middlewares: ["withAuthentication", "roles"],
 fn: Schematized({
diff --git a/packages/server/src/lib/createUser/index.js b/packages/server/src/controllers/UserController/methods/createUser.js
old mode 100755
new mode 100644
similarity index 97%
rename from packages/server/src/lib/createUser/index.js
rename to packages/server/src/controllers/UserController/methods/createUser.js
index 1b558b28..b6d95c39
--- a/packages/server/src/lib/createUser/index.js
+++ b/packages/server/src/controllers/UserController/methods/createUser.js
@@ -1,4 +1,4 @@
-import { User } from "../../models"
+import { User } from "../../../models"
 import Avatars from "dicebar_lib"
 import bcrypt from "bcrypt"
diff --git a/packages/server/src/controllers/UserController/methods/updatePassword.js b/packages/server/src/controllers/UserController/methods/updatePassword.js
new file mode 100644
index 00000000..dd7edce5
--- /dev/null
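Review bot: The current-password check in the `/self/update_password` handler (hunk `@@ -417,6 +422,39 @@` of index.js) cannot succeed, because it hashes `req.selection.currentPassword` with a fresh salt and then hands that hash to `bcrypt.compareSync` as if it were the plaintext, so a correct password is answered with 401. Compare the submitted value directly against the stored hash with `const isPasswordValid = await bcrypt.compare(req.selection.currentPassword, user.password)` and drop the `currentPasswordHash` line. The handler also passes `newPassword` to `updatePassword`, while the helper added in methods/updatePassword.js destructures `password`, so the two must agree on one key or the helper hashes `undefined`. Nothing visible here revokes the user's other sessions after a successful change, which is worth adding so that a stolen session does not outlive the password it was obtained with. The enclosing routes object starts and ends outside the hunk.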
+++ b/packages/server/src/controllers/UserController/methods/updatePassword.js
@@ -0,0 +1,24 @@
+import bcrypt from "bcrypt"
+import { User } from "../../../models"
+
+export default async function (payload) {
+ const { user_id, password } = payload
+
+ const user = await User.findById(user_id)
+
+ if (!user) {
+ throw new Error("User not found")
+ }
+
+ // hash the password
+ const hash = bcrypt.hashSync(password, parseInt(process.env.BCRYPT_ROUNDS ?? 3))
+
+ user.password = hash
+
+ await user.save()
+
+ return {
+ status: "ok",
+ message: "Password updated successfully",
+ }
+}
\ No newline at end of file
diff --git a/packages/server/src/lib/index.js b/packages/server/src/lib/index.js
index 7ca29d87..b0c02f8a 100755
--- a/packages/server/src/lib/index.js
+++ b/packages/server/src/lib/index.js
@@ -1,5 +1,4 @@
 export { default as Schematized } from "./schematized"
 export { default as additionsHandler } from "./additionsHandler"
-export { default as createUser } from "./createUser"
 export * as Token from "./token"
\ No newline at end of file
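Review bot: The fallback work factor in `parseInt(process.env.BCRYPT_ROUNDS ?? 3)` in methods/updatePassword.js is below bcrypt's minimum cost of 4 and gives stored hashes negligible resistance to offline guessing whenever the variable is unset; a non-numeric value would also become NaN. Parse it with a radix and a safe default, for example `const rounds = Number.parseInt(process.env.BCRYPT_ROUNDS ?? "12", 10)`, and refuse to start or hash when the result is not an integer in an accepted range. `bcrypt.hashSync` blocks the event loop for the whole hash inside an async function, so `const hash = await bcrypt.hash(password, rounds)` is the better call here. The function also hashes whatever it is given without checking that it is a non-empty string, so a guard that throws before hashing would turn a malformed payload into a clear error instead of a library exception.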