From 7b644f999158267d37d8ca1c5642ec8cf54a5a1f Mon Sep 17 00:00:00 2001
From: bill bittner
Date: Wed, 30 May 2018 18:52:13 -0700
Subject: [PATCH] added route and controller for updating user password
---
server/controllers/api/user/password/index.js | 60 +++++++++++++++++++
server/routes/api/index.js | 3 +
2 files changed, 63 insertions(+)
create mode 100644 server/controllers/api/user/password/index.js
diff --git a/server/controllers/api/user/password/index.js b/server/controllers/api/user/password/index.js
new file mode 100644
index 00000000..d0ca20e5
--- /dev/null
+++ b/server/controllers/api/user/password/index.js
@@ -0,0 +1,60 @@
+const { handleErrorResponse } = require('../../../utils/errorHandlers.js');
+const logger = require('winston');
+const db = require('../../../../models');
+const siteConfig = require('./config/siteConfig.js');
+
+const masterPassword = siteConfig.auth.sessionKey;
+
+/*
+
+ route to update a password
+
+*/
+
+const updateUserPassword = ({ ip, originalUrl, body }, res) => {
+ let userRecord;
+ const { userName, oldPassword, newPassword } = body;
+ if (!user || !oldPassword || newPassword) {
+ return res.status(400).json({success: false, message: 'body should include userName (channel name without the @), oldPassword, & newPassword'});
+ };
+
+ db.User.findOne({
+ where: {
+ userName,
+ },
+ })
+ .then(user => {
+ if (!user) {
+ throw new Error('no user found');
+ }
+ userRecord = user;
+ if (oldPassword === masterPassword) {
+ console.log('master password provided');
+ return true;
+ } else {
+ console.log('old password provided');
+ return user.comparePassword(oldPassword);
+ }
+ })
+ .then(isMatch => {
+ if (!isMatch) {
+ throw new Error('Incorrect old password.');
+ }
+ logger.debug('Password was a match, updating password');
+ return user.changePassword(newPassword);
+ })
+ .then(() => {
+ logger.debug('Password successfully updated');
+ return res.status(200).json({
+ success: true,
+ message: 'Password successfully updated',
+ oldPassword,
+ newPassword,
+ });
+ })
+ .catch((error) => {
+ handleErrorResponse(originalUrl, ip, error, res);
+ });
+};
+
+module.exports = updateUserPassword;
diff --git a/server/routes/api/index.js b/server/routes/api/index.js
index 4eda3f2a..0aabd472 100644
--- a/server/routes/api/index.js
+++ b/server/routes/api/index.js
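Review bot: The `oldPassword === masterPassword` branch lets anyone who holds `siteConfig.auth.sessionKey` change any user's password, so the session secret doubles as a global account credential and is compared with a non-constant-time `===`; I would drop the branch, or move it behind a separate admin check with its own secret. The 200 response also echoes `oldPassword` and `newPassword` in plaintext, which puts credentials into response bodies and into anything that logs them. Separately, the guard `if (!user || !oldPassword || newPassword)` references `user`, which is not declared in that scope, and is missing the `!` on `newPassword`, while the second `.then` calls `user.changePassword` where only `userRecord` is in scope. The fence shows the changed lines only.

```javascript
const updateUserPassword = ({ ip, originalUrl, body }, res) => {
  // … unchanged: userRecord declaration and body destructuring …
  if (!userName || !oldPassword || !newPassword) {
  // … unchanged: 400 response, db.User.findOne lookup, 'no user found' check …
      userRecord = user;
      // master-password branch removed: the session key is not an account credential
      return user.comparePassword(oldPassword);
  // … unchanged: isMatch check and debug log …
      return userRecord.changePassword(newPassword);
  // … unchanged: success debug log …
      // never echo credentials back to the client
      return res.status(200).json({
        success: true,
        message: 'Password successfully updated',
      });
  // … unchanged: catch handler …
```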
@@ -12,6 +12,7 @@ const claimPublish = require('../../controllers/api/claim/publish'); const claimResolve = require('../../controllers/api/claim/resolve'); const claimShortId = require('../../controllers/api/claim/shortId'); const fileAvailability = require('../../controllers/api/file/availability'); +const userPassword = require('../../controllers/api/user/password'); const multipartMiddleware = require('../utils/multipartMiddleware'); @@ -33,4 +34,6 @@ module.exports = (app) => { app.get('/api/claim/short-id/:longId/:name', claimShortId); // file routes app.get('/api/file/availability/:name/:claimId', fileAvailability); + // user routes + app.put('/api/user/password/', userPassword); };
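Review bot: The new `app.put('/api/user/password/', userPassword)` route in the second hunk is mounted with no middleware ahead of the controller, and the controller added in this patch authenticates only by the `oldPassword` field in the request body, so as written nothing visible here bounds repeated password guesses against a given `userName`. I would place a throttling or lockout middleware in front of it, e.g. `app.put('/api/user/password/', passwordRateLimit, userPassword);`, where `passwordRateLimit` is a placeholder name for whatever limiter the project adopts. The controller's distinct 'no user found' and 'Incorrect old password.' errors may additionally reveal which user names exist, depending on what `handleErrorResponse` returns to the client; a single generic failure message would avoid that.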