planka/server/api/controllers/users/update-password.js

const bcrypt = require('bcrypt');

const Errors = {
  USER_NOT_FOUND: {
    userNotFound: 'User not found',
  },
  INVALID_CURRENT_PASSWORD: {
    invalidCurrentPassword: 'Invalid current password',
  },
};

module.exports = {
  inputs: {
    id: {
      type: 'string',
      regex: /^[0-9]+$/,
      required: true,
    },
    password: {
      type: 'string',
      required: true,
    },
    currentPassword: {
      type: 'string',
      isNotEmptyString: true,
    },
  },

  exits: {
    userNotFound: {
      responseType: 'notFound',
    },
    invalidCurrentPassword: {
      responseType: 'forbidden',
    },
  },

  async fn(inputs, exits) {
    const { currentUser } = this.req;

    if (inputs.id === currentUser.id) {
      if (!inputs.currentPassword) {
        throw Errors.INVALID_CURRENT_PASSWORD;
      }
    } else if (!currentUser.isAdmin) {
      throw Errors.USER_NOT_FOUND; // Forbidden
    }

    let user = await sails.helpers.getUser(inputs.id);

    if (!user) {
      throw Errors.USER_NOT_FOUND;
    }

    if (
      inputs.id === currentUser.id &&
      !bcrypt.compareSync(inputs.currentPassword, user.password)
    ) {
      throw Errors.INVALID_CURRENT_PASSWORD;
    }

    const values = _.pick(inputs, ['password']);

    user = await sails.helpers.updateUser(user, values, this.req);

    if (!user) {
      throw Errors.USER_NOT_FOUND;
    }

    return exits.success({
      item: null,
    });
  },
};
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`const bcrypt = require('bcrypt');`

			`const Errors = {`
			`USER_NOT_FOUND: {`
Add username to user 2020-04-03 00:35:25 +05:00			`userNotFound: 'User not found',`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`INVALID_CURRENT_PASSWORD: {`
			`invalidCurrentPassword: 'Invalid current password',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`};`

			`module.exports = {`
			`inputs: {`
			`id: {`
			`type: 'string',`
			`regex: /^[0-9]+$/,`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`
			`password: {`
			`type: 'string',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`
			`currentPassword: {`
			`type: 'string',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`isNotEmptyString: true,`
			`},`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`

			`exits: {`
Add username to user 2020-04-03 00:35:25 +05:00			`userNotFound: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`responseType: 'notFound',`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`invalidCurrentPassword: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`responseType: 'forbidden',`
			`},`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`

Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`async fn(inputs, exits) {`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`const { currentUser } = this.req;`

			`if (inputs.id === currentUser.id) {`
			`if (!inputs.currentPassword) {`
Add username to user 2020-04-03 00:35:25 +05:00			`throw Errors.INVALID_CURRENT_PASSWORD;`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`}`
			`} else if (!currentUser.isAdmin) {`
			`throw Errors.USER_NOT_FOUND; // Forbidden`
			`}`

			`let user = await sails.helpers.getUser(inputs.id);`

			`if (!user) {`
			`throw Errors.USER_NOT_FOUND;`
			`}`

			`if (`
Move from prettier-eslint to eslint-plugin-prettier, update dependencies 2020-02-03 18:42:31 +05:00			`inputs.id === currentUser.id &&`
			`!bcrypt.compareSync(inputs.currentPassword, user.password)`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`) {`
Add username to user 2020-04-03 00:35:25 +05:00			`throw Errors.INVALID_CURRENT_PASSWORD;`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`}`

			`const values = _.pick(inputs, ['password']);`

			`user = await sails.helpers.updateUser(user, values, this.req);`

			`if (!user) {`
			`throw Errors.USER_NOT_FOUND;`
			`}`

			`return exits.success({`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`item: null,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`});`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`};`