feat(api): add the api endpoint for updating user password

2026-01-06 14:10:06 +00:00 · 2022-11-22 00:02:59 +05:00
parent b47e74a7e1
commit 4581f32534
4 changed files with 129 additions and 2 deletions
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -1,4 +1,16 @@
-import { Security, Route, Tags, Example, Post, Body, Query, Hidden } from 'tsoa'
+import express from 'express'
+import {
+  Security,
+  Route,
+  Tags,
+  Example,
+  Post,
+  Patch,
+  Request,
+  Body,
+  Query,
+  Hidden
+} from 'tsoa'
 import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 import {
@@ -9,6 +21,7 @@ import {
  saveTokensInDB
 } from '../utils'
 import Client from '../model/Client'
+import User from '../model/User'

@Route('SASjsApi/auth')
@Tags('Auth')
@@ -62,6 +75,18 @@ export class AuthController {
  public async logout(@Query() @Hidden() data?: InfoJWT) {
    return logout(data!)
  }
+
+  /**
+   * @summary Update user's password.
+   */
+  @Security('bearerAuth')
+  @Patch('updatePassword')
+  public async updatePassword(
+    @Request() req: express.Request,
+    @Body() body: UpdatePasswordPayload
+  ) {
+    return updatePassword(req, body)
+  }
 }

 const token = async (data: any): Promise<TokenResponse> => {
@@ -128,6 +153,39 @@ const logout = async (userInfo: InfoJWT) => {
  await removeTokensInDB(userInfo.userId, userInfo.clientId)
 }

+const updatePassword = async (
+  req: express.Request,
+  data: UpdatePasswordPayload
+) => {
+  const { currentPassword, newPassword } = data
+  const userId = req.user?.userId
+  const dbUser = await User.findOne({ userId })
+
+  if (!dbUser)
+    throw {
+      code: 404,
+      message: `User not found!`
+    }
+
+  if (dbUser?.authProvider) {
+    throw {
+      code: 405,
+      message:
+        'Can not update password of user that is created by an external auth provider.'
+    }
+  }
+
+  const validPass = dbUser.comparePassword(currentPassword)
+  if (!validPass)
+    throw {
+      code: 403,
+      message: `Invalid current password!`
+    }
+
+  dbUser.password = User.hashPassword(newPassword)
+  await dbUser.save()
+}
+
 interface TokenPayload {
  /**
   * Client ID
@@ -154,6 +212,19 @@ interface TokenResponse {
  refreshToken: string
 }

+interface UpdatePasswordPayload {
+  /**
+   * Current Password
+   * @example "currentPasswordString"
+   */
+  currentPassword: string
+  /**
+   * New Password
+   * @example "newPassword"
+   */
+  newPassword: string
+}
+
 const verifyAuthCode = async (
  clientId: string,
  code: string
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
@@ -7,12 +7,28 @@ import {
  authenticateRefreshToken
 } from '../../middlewares'

-import { tokenValidation } from '../../utils'
+import { tokenValidation, updatePasswordValidation } from '../../utils'
 import { InfoJWT } from '../../types'

 const authRouter = express.Router()
 const controller = new AuthController()

+authRouter.patch(
+  '/updatePassword',
+  authenticateAccessToken,
+  async (req, res) => {
+    const { error, value: body } = updatePasswordValidation(req.body)
+    if (error) return res.status(400).send(error.details[0].message)
+
+    try {
+      await controller.updatePassword(req, body)
+      res.sendStatus(204)
+    } catch (err: any) {
+      res.status(err.code).send(err.message)
+    }
+  }
+)
+
 authRouter.post('/token', async (req, res) => {
  const { error, value: body } = tokenValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -85,6 +85,12 @@ export const updateUserValidation = (
  return Joi.object(validationChecks).validate(data)
 }

+export const updatePasswordValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    currentPassword: Joi.string().required(),
+    newPassword: passwordSchema.required()
+  }).validate(data)
+
 export const registerClientValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    clientId: Joi.string().required(),