User routes

app/routes/user/index.js

@@ -5,13 +5,16 @@ const update = require('./update');
 const remove = require('./delete');
 const notes = require('./notes');
 
-const Authentication = require.main.require('./app/validation/auth');
+const Authentication = require.main.require('./app/validation/auth/auth');
+const UpdateValidation = require.main.require('./app/validation/user/update');
+const DeleteValidation = require.main.require('./app/validation/user/delete');
 
 /**
  * @api {get} /user/me Get account information
  * @apiName GetUser
  * @apiGroup User
  *
+ * @apiSuccess {String} id Unique ID of the User.
  * @apiSuccess {String} firstname Firstname of the User.
  * @apiSuccess {String} lastname  Lastname of the User.
  * @apiSuccess {String} email  Email of the User.
@@ -24,22 +27,27 @@ user.get('/me', Authentication, profile);
   * @apiGroup User
   * @apiDescription Send only password and new_password to change the password. Otherwise they will be ignored.
   *
-  * @apiParam {String} Firstname New firstname.
-  * @apiParam {String} Lastname New lastname.
-  * @apiParam {String} Email New email address.
-  * @apiParam {String} Password Actual password.
-  * @apiParam {String} Password New password.
+  * @apiParam {String} firstname New firstname. (optional)
+  * @apiParam {String} lastname New lastname. (optional)
+  * @apiParam {String} email New email address. (optional)
+  * @apiParam {String} password Actual password. (optional)
+  * @apiParam {String} new_password New password (only if you passed password parameter).
   *
-  * @apiSuccess {Object} user User object.
+  * @apiSuccess {String} id Unique ID of the User.
+  * @apiSuccess {String} firstname Firstname of the User.
+  * @apiSuccess {String} lastname  Lastname of the User.
+  * @apiSuccess {String} email  Email of the User.
   */
-user.put('/me', Authentication, update);
+user.put('/me', Authentication, UpdateValidation, update);
 
 /**
  * @api {delete} /user/me Delete account
  * @apiName DeleteUser
  * @apiGroup User
+ *
+ * @apiParam {String} password Account password.
  */
-user.delete('/me', Authentication, remove);
+user.delete('/me', Authentication, DeleteValidation, remove);
 
 /**
   * @api {get} /user/me/notes Get all notes

app/routes/user/update.js

@@ -1,20 +1,45 @@
 const mongoose = require('mongoose');
 const jwt = require('jsonwebtoken');
+const bcrypt = require('bcrypt-nodejs');
 
 module.exports = (req, res, next) => {
   const UserModel = mongoose.model('User');
 
   const { user } = jwt.decode(req.headers.authorization);
 
-  return UserModel.findById(user.id, 'id firstname lastname email')
-    .lean()
-    .exec()
-    .then((result) => {
-      if (result === null) {
-        return next({ status: 401, message: 'User does not exists.' });
-      }
+  return UserModel.findOne({ _id: user.id }, (err, userObj) => {
+    if (!userObj) {
+      return next({ status: 401, message: 'User does not exists.' });
+    }
 
-      return res.status(200).json(result);
-    })
-    .catch(() => next({ status: 401, message: 'User does not exists.' }));
+    if (req.body.password) {
+      bcrypt.compare(req.body.password, user.password, (error, result) => {
+        if (!result || error) {
+          return next(
+            {
+              status: 401,
+              message: 'Authentication failed. Wrong password.',
+            }
+          );
+        }
+
+        if (req.body.password === req.body.new_password) {
+          return next(
+            {
+              status: 401,
+              message: 'New password must be different than old password.',
+            }
+          );
+        }
+
+        userObj.password = bcrypt.hashSync(req.body.new_password);
+      });
+    } else {
+      userObj.firstname = req.body.firstname || userObj.firstname;
+      userObj.lastname = req.body.lastname || userObj.lastname;
+      userObj.email = req.body.email || userObj.email;
+    }
+
+    return userObj.save(() => res.status(200).json(userObj));
+  });
 };