2019-10-18 08:06:34 +05:00
|
|
|
const bcrypt = require('bcrypt');
|
|
|
|
|
|
|
|
|
|
const Errors = {
|
2023-10-17 19:18:19 +02:00
|
|
|
NOT_ENOUGH_RIGHTS: {
|
|
|
|
|
notEnoughRights: 'Not enough rights',
|
|
|
|
|
},
|
2019-10-18 08:06:34 +05:00
|
|
|
USER_NOT_FOUND: {
|
2020-04-03 00:35:25 +05:00
|
|
|
userNotFound: 'User not found',
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
2020-04-03 00:35:25 +05:00
|
|
|
INVALID_CURRENT_PASSWORD: {
|
|
|
|
|
invalidCurrentPassword: 'Invalid current password',
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
2020-04-03 00:35:25 +05:00
|
|
|
EMAIL_ALREADY_IN_USE: {
|
|
|
|
|
emailAlreadyInUse: 'Email already in use',
|
2019-11-05 18:01:42 +05:00
|
|
|
},
|
2019-10-18 08:06:34 +05:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
module.exports = {
|
|
|
|
|
inputs: {
|
|
|
|
|
id: {
|
|
|
|
|
type: 'string',
|
|
|
|
|
regex: /^[0-9]+$/,
|
2019-11-05 18:01:42 +05:00
|
|
|
required: true,
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
|
|
|
|
email: {
|
|
|
|
|
type: 'string',
|
|
|
|
|
isEmail: true,
|
2019-11-05 18:01:42 +05:00
|
|
|
required: true,
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
|
|
|
|
currentPassword: {
|
|
|
|
|
type: 'string',
|
2019-11-05 18:01:42 +05:00
|
|
|
isNotEmptyString: true,
|
|
|
|
|
},
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
exits: {
|
2023-10-17 19:18:19 +02:00
|
|
|
notEnoughRights: {
|
|
|
|
|
responseType: 'forbidden',
|
|
|
|
|
},
|
2020-04-03 00:35:25 +05:00
|
|
|
userNotFound: {
|
2019-11-05 18:01:42 +05:00
|
|
|
responseType: 'notFound',
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
2020-04-03 00:35:25 +05:00
|
|
|
invalidCurrentPassword: {
|
2019-11-05 18:01:42 +05:00
|
|
|
responseType: 'forbidden',
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
2020-04-03 00:35:25 +05:00
|
|
|
emailAlreadyInUse: {
|
2019-11-05 18:01:42 +05:00
|
|
|
responseType: 'conflict',
|
|
|
|
|
},
|
2019-10-18 08:06:34 +05:00
|
|
|
},
|
|
|
|
|
|
2021-06-24 01:05:22 +05:00
|
|
|
async fn(inputs) {
|
2019-10-18 08:06:34 +05:00
|
|
|
const { currentUser } = this.req;
|
|
|
|
|
|
|
|
|
|
if (inputs.id === currentUser.id) {
|
|
|
|
|
if (!inputs.currentPassword) {
|
2020-04-03 00:35:25 +05:00
|
|
|
throw Errors.INVALID_CURRENT_PASSWORD;
|
2019-10-18 08:06:34 +05:00
|
|
|
}
|
|
|
|
|
} else if (!currentUser.isAdmin) {
|
|
|
|
|
throw Errors.USER_NOT_FOUND; // Forbidden
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-24 01:05:22 +05:00
|
|
|
let user = await sails.helpers.users.getOne(inputs.id);
|
2019-10-18 08:06:34 +05:00
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
throw Errors.USER_NOT_FOUND;
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-17 19:18:19 +02:00
|
|
|
if (user.email === sails.config.custom.defaultAdminEmail || user.isSso) {
|
|
|
|
|
throw Errors.NOT_ENOUGH_RIGHTS;
|
2023-09-12 01:12:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-10-18 08:06:34 +05:00
|
|
|
if (
|
2020-02-03 18:42:31 +05:00
|
|
|
inputs.id === currentUser.id &&
|
|
|
|
|
!bcrypt.compareSync(inputs.currentPassword, user.password)
|
2019-10-18 08:06:34 +05:00
|
|
|
) {
|
2020-04-03 00:35:25 +05:00
|
|
|
throw Errors.INVALID_CURRENT_PASSWORD;
|
2019-10-18 08:06:34 +05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const values = _.pick(inputs, ['email']);
|
|
|
|
|
|
2022-12-26 21:10:50 +01:00
|
|
|
user = await sails.helpers.users.updateOne
|
|
|
|
|
.with({
|
|
|
|
|
values,
|
|
|
|
|
record: user,
|
|
|
|
|
user: currentUser,
|
|
|
|
|
request: this.req,
|
|
|
|
|
})
|
2020-04-03 00:35:25 +05:00
|
|
|
.intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE);
|
2019-10-18 08:06:34 +05:00
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
throw Errors.USER_NOT_FOUND;
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-24 01:05:22 +05:00
|
|
|
return {
|
2020-05-26 00:46:04 +05:00
|
|
|
item: user,
|
2021-06-24 01:05:22 +05:00
|
|
|
};
|
2019-11-05 18:01:42 +05:00
|
|
|
},
|
2019-10-18 08:06:34 +05:00
|
|
|
};
|
