From 7b644f999158267d37d8ca1c5642ec8cf54a5a1f Mon Sep 17 00:00:00 2001
From: bill bittner
Date: Wed, 30 May 2018 18:52:13 -0700
Subject: [PATCH 1/3] added route and controller for updating user password
---
server/controllers/api/user/password/index.js | 60 +++++++++++++++++++
server/routes/api/index.js | 3 +
2 files changed, 63 insertions(+)
create mode 100644 server/controllers/api/user/password/index.js
diff --git a/server/controllers/api/user/password/index.js b/server/controllers/api/user/password/index.js
new file mode 100644
index 00000000..d0ca20e5
--- /dev/null
+++ b/server/controllers/api/user/password/index.js
@@ -0,0 +1,60 @@
+const { handleErrorResponse } = require('../../../utils/errorHandlers.js');
+const logger = require('winston');
+const db = require('../../../../models');
+const siteConfig = require('./config/siteConfig.js');
+
+const masterPassword = siteConfig.auth.sessionKey;
+
+/*
+
+ route to update a password
+
+*/
+
+const updateUserPassword = ({ ip, originalUrl, body }, res) => {
+ let userRecord;
+ const { userName, oldPassword, newPassword } = body;
+ if (!user || !oldPassword || newPassword) {
+ return res.status(400).json({success: false, message: 'body should include userName (channel name without the @), oldPassword, & newPassword'});
+ };
+
+ db.User.findOne({
+ where: {
+ userName,
+ },
+ })
+ .then(user => {
+ if (!user) {
+ throw new Error('no user found');
+ }
+ userRecord = user;
+ if (oldPassword === masterPassword) {
+ console.log('master password provided');
+ return true;
+ } else {
+ console.log('old password provided');
+ return user.comparePassword(oldPassword);
+ }
+ })
+ .then(isMatch => {
+ if (!isMatch) {
+ throw new Error('Incorrect old password.');
+ }
+ logger.debug('Password was a match, updating password');
+ return user.changePassword(newPassword);
+ })
+ .then(() => {
+ logger.debug('Password successfully updated');
+ return res.status(200).json({
+ success: true,
+ message: 'Password successfully updated',
+ oldPassword,
+ newPassword,
+ });
+ })
+ .catch((error) => {
+ handleErrorResponse(originalUrl, ip, error, res);
+ });
+};
+
+module.exports = updateUserPassword;
diff --git a/server/routes/api/index.js b/server/routes/api/index.js
index 4eda3f2a..0aabd472 100644
--- a/server/routes/api/index.js
+++ b/server/routes/api/index.js
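Review bot: The success response at the end of `updateUserPassword` (new file server/controllers/api/user/password/index.js) returns `oldPassword` and `newPassword` in the JSON body, so both secrets travel back in cleartext and can end up in client logs or any proxy that records responses. On the master-password branch the echoed `oldPassword` is the site-wide secret itself. The caller already knows both values, so the response should carry only the status: `return res.status(200).json({ success: true, message: 'Password successfully updated' });`.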
@@ -12,6 +12,7 @@ const claimPublish = require('../../controllers/api/claim/publish'); const claimResolve = require('../../controllers/api/claim/resolve'); const claimShortId = require('../../controllers/api/claim/shortId'); const fileAvailability = require('../../controllers/api/file/availability'); +const userPassword = require('../../controllers/api/user/password'); const multipartMiddleware = require('../utils/multipartMiddleware'); @@ -33,4 +34,6 @@ module.exports = (app) => { app.get('/api/claim/short-id/:longId/:name', claimShortId); // file routes app.get('/api/file/availability/:name/:claimId', fileAvailability); + // user routes + app.put('/api/user/password/', userPassword); }; From b4fb633c230e71c7401749be7bde0aee55580eb0 Mon Sep 17 00:00:00 2001 From: bill bittner Date: Thu, 31 May 2018 09:36:45 -0700 Subject: [PATCH 2/3] fixed a few bugs --- server/controllers/api/user/password/index.js | 29 ++++++++++++------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/server/controllers/api/user/password/index.js b/server/controllers/api/user/password/index.js index d0ca20e5..ebcd3182 100644 --- a/server/controllers/api/user/password/index.js +++ b/server/controllers/api/user/password/index.js @@ -1,9 +1,7 @@ const { handleErrorResponse } = require('../../../utils/errorHandlers.js'); const logger = require('winston'); const db = require('../../../../models'); -const siteConfig = require('./config/siteConfig.js'); - -const masterPassword = siteConfig.auth.sessionKey; +const { auth: { masterPassword } } = require('../../../../../config/siteConfig.js'); /* 
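Review bot: The `app.put('/api/user/password/', userPassword)` registration added in the `@@ -33,4 +34,6 @@` hunk of server/routes/api/index.js has no authentication or throttling middleware in front of it, and the controller takes `userName` from the request body, so nothing visible here limits repeated password attempts against any account. Because the same handler also accepts the site-wide master password, that one value guards every user's password. I would put a limiter on this route, for example `app.put('/api/user/password/', passwordRateLimiter, userPassword);` where `passwordRateLimiter` is a placeholder for whatever limiter the project adopts, and consider moving master-password use to an authenticated admin path. Middleware applied elsewhere in the app is not visible in this hunk, so confirm none already covers it.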
@@ -14,9 +12,20 @@ const masterPassword = siteConfig.auth.sessionKey; const updateUserPassword = ({ ip, originalUrl, body }, res) => { let userRecord; const { userName, oldPassword, newPassword } = body; - if (!user || !oldPassword || newPassword) { - return res.status(400).json({success: false, message: 'body should include userName (channel name without the @), oldPassword, & newPassword'}); - }; + logger.info('body:', body); + if (!masterPassword) { + return res.status(400).json({ + success: false, + message: 'no master password set in site config', + }); + } + + if (!userName || !oldPassword || !newPassword) { + return res.status(400).json({ + success: false, + message: 'body should include userName (channel name without the @), oldPassword, & newPassword', + }); + } db.User.findOne({ where: { @@ -24,16 +33,16 @@ const updateUserPassword = ({ ip, originalUrl, body }, res) => { }, }) .then(user => { - if (!user) { + userRecord = user; + if (!userRecord) { throw new Error('no user found'); } - userRecord = user; if (oldPassword === masterPassword) { console.log('master password provided'); return true; } else { console.log('old password provided'); - return user.comparePassword(oldPassword); + return userRecord.comparePassword(oldPassword); } }) .then(isMatch => { @@ -41,7 +50,7 @@ const updateUserPassword = ({ ip, originalUrl, body }, res) => { throw new Error('Incorrect old password.'); } logger.debug('Password was a match, updating password'); - return user.changePassword(newPassword); + return userRecord.changePassword(newPassword); }) .then(() => { logger.debug('Password successfully updated'); From a93237cf106b4ec635dd08ebe083900b61c5cf35 Mon Sep 17 00:00:00 2001 From: bill bittner Date: Thu, 31 May 2018 09:38:11 -0700 Subject: [PATCH 3/3] updated debug console logs --- server/controllers/api/user/password/index.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
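Review bot: The guard `if (!userName || !oldPassword || !newPassword)` in the `@@ -14,9 +12,20 @@` hunk checks truthiness only, so if the body is parsed as JSON a caller can send objects or arrays for these fields and they reach `db.User.findOne({ where: { userName } })` and `comparePassword` unchanged. Requiring non-empty strings keeps query operators and unexpected types out: `if (![userName, oldPassword, newPassword].every(v => typeof v === 'string' && v.length > 0)) {`. The new `!masterPassword` branch also answers an unauthenticated caller with 400 and 'no master password set in site config', which reports server configuration and blocks ordinary old-password changes whenever the master password is unset; a generic 500 for that case, or letting the old-password path proceed, would be safer. The function body continues outside the hunk.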
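Review bot: `if (oldPassword === masterPassword)` in the `@@ -24,16 +33,16 @@` hunk compares the submitted value with the plaintext config secret using ordinary string equality, which is not a constant-time comparison. Hashing both sides to a fixed length and comparing with `crypto.timingSafeEqual` avoids that, e.g. `const sha256 = v => crypto.createHash('sha256').update(String(v)).digest();` followed by `if (crypto.timingSafeEqual(sha256(oldPassword), sha256(masterPassword))) {`; this needs `const crypto = require('crypto');` at the top of the file. Keeping only a salted hash of the master password in siteConfig, rather than the password itself, would also limit the damage if the config file leaks. The surrounding promise chain continues outside the hunk.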
diff --git a/server/controllers/api/user/password/index.js b/server/controllers/api/user/password/index.js index ebcd3182..e1e3cff3 100644 --- a/server/controllers/api/user/password/index.js +++ b/server/controllers/api/user/password/index.js @@ -12,7 +12,7 @@ const { auth: { masterPassword } } = require('../../../../../config/siteConfig.j const updateUserPassword = ({ ip, originalUrl, body }, res) => { let userRecord; const { userName, oldPassword, newPassword } = body; - logger.info('body:', body); + if (!masterPassword) { return res.status(400).json({ success: false, @@ -38,10 +38,10 @@ const updateUserPassword = ({ ip, originalUrl, body }, res) => { throw new Error('no user found'); } if (oldPassword === masterPassword) { - console.log('master password provided'); + logger.debug('master password provided'); return true; } else { - console.log('old password provided'); + logger.debug('old password provided'); return userRecord.comparePassword(oldPassword); } })
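Review bot: Use of the master password is recorded only by `logger.debug('master password provided')` in the `@@ -38,10 +38,10 @@` hunk, with no account name or client address, so at a typical production log level an override of a user's password leaves no audit trail. This branch should log at a level that is always retained and include the target and the source, for example `logger.warn('master password used for password change', { userName, ip });`; both names are already destructured at the top of `updateUserPassword`. The enclosing function starts and ends outside this hunk.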