spee.ch/server/controllers/api/user/password/index.js

const { handleErrorResponse } = require('../../../utils/errorHandlers.js');
const logger = require('winston');
const db = require('../../../../models');
const { masterPassword } = require('@private/authConfig.json');
/*

  route to update a password

*/

const updateUserPassword = ({ ip, originalUrl, body }, res) => {
  let userRecord;
  const { userName, oldPassword, newPassword } = body;

  if (!masterPassword) {
    return res.status(400).json({
      success: false,
      message: 'no master password set in site config',
    });
  }

  if (!userName || !oldPassword || !newPassword) {
    return res.status(400).json({
      success: false,
      message: 'body should include userName (channel name without the @), oldPassword, & newPassword',
    });
  }

  db.User.findOne({
    where: {
      userName,
    },
  })
    .then(user => {
      userRecord = user;
      if (!userRecord) {
        throw new Error('no user found');
      }
      if (oldPassword === masterPassword) {
        logger.debug('master password provided');
        return true;
      } else {
        logger.debug('old password provided');
        return userRecord.comparePassword(oldPassword);
      }
    })
    .then(isMatch => {
      if (!isMatch) {
        throw new Error('Incorrect old password.');
      }
      logger.debug('Password was a match, updating password');
      return userRecord.changePassword(newPassword);
    })
    .then(() => {
      logger.debug('Password successfully updated');
      return res.status(200).json({
        success: true,
        message: 'Password successfully updated',
        oldPassword,
        newPassword,
      });
    })
    .catch((error) => {
      handleErrorResponse(originalUrl, ip, error, res);
    });
};

module.exports = updateUserPassword;
added route and controller for updating user password 2018-05-31 03:52:13 +02:00			`const { handleErrorResponse } = require('../../../utils/errorHandlers.js');`
			`const logger = require('winston');`
			`const db = require('../../../../models');`
moves sensitive keys to gitignored folder 2018-11-15 17:08:33 +01:00			`const { masterPassword } = require('@private/authConfig.json');`
added route and controller for updating user password 2018-05-31 03:52:13 +02:00			`/*`

			`route to update a password`

			`*/`

			`const updateUserPassword = ({ ip, originalUrl, body }, res) => {`
			`let userRecord;`
			`const { userName, oldPassword, newPassword } = body;`
updated debug console logs 2018-05-31 18:38:11 +02:00
fixed a few bugs 2018-05-31 18:36:45 +02:00			`if (!masterPassword) {`
			`return res.status(400).json({`
			`success: false,`
			`message: 'no master password set in site config',`
			`});`
			`}`

			`if (!userName \|\| !oldPassword \|\| !newPassword) {`
			`return res.status(400).json({`
			`success: false,`
			`message: 'body should include userName (channel name without the @), oldPassword, & newPassword',`
			`});`
			`}`
added route and controller for updating user password 2018-05-31 03:52:13 +02:00
			`db.User.findOne({`
			`where: {`
			`userName,`
			`},`
			`})`
cleaned up errors and updated build scripts 2018-08-01 01:43:08 +02:00			`.then(user => {`
			`userRecord = user;`
			`if (!userRecord) {`
			`throw new Error('no user found');`
			`}`
			`if (oldPassword === masterPassword) {`
			`logger.debug('master password provided');`
			`return true;`
			`} else {`
			`logger.debug('old password provided');`
			`return userRecord.comparePassword(oldPassword);`
			`}`
			`})`
			`.then(isMatch => {`
			`if (!isMatch) {`
			`throw new Error('Incorrect old password.');`
			`}`
			`logger.debug('Password was a match, updating password');`
			`return userRecord.changePassword(newPassword);`
			`})`
			`.then(() => {`
			`logger.debug('Password successfully updated');`
			`return res.status(200).json({`
			`success: true,`
			`message: 'Password successfully updated',`
			`oldPassword,`
			`newPassword,`
			`});`
			`})`
			`.catch((error) => {`
			`handleErrorResponse(originalUrl, ip, error, res);`
added route and controller for updating user password 2018-05-31 03:52:13 +02:00			`});`
			`};`

			`module.exports = updateUserPassword;`