From d88beab54062924d16af5f562442097602eff0d3 Mon Sep 17 00:00:00 2001 From: sundowndev Date: Fri, 16 Nov 2018 18:20:25 +0100 Subject: [PATCH] User routes --- app/routes/user/index.js | 26 ++++++++++++++-------- app/routes/user/update.js | 45 ++++++++++++++++++++++++++++++--------- 2 files changed, 52 insertions(+), 19 deletions(-) diff --git a/app/routes/user/index.js b/app/routes/user/index.js index a245680..e496cdd 100644 --- a/app/routes/user/index.js +++ b/app/routes/user/index.js @@ -5,13 +5,16 @@ const update = require('./update'); const remove = require('./delete'); const notes = require('./notes'); -const Authentication = require.main.require('./app/validation/auth'); +const Authentication = require.main.require('./app/validation/auth/auth'); +const UpdateValidation = require.main.require('./app/validation/user/update'); +const DeleteValidation = require.main.require('./app/validation/user/delete'); /** * @api {get} /user/me Get account information * @apiName GetUser * @apiGroup User * + * @apiSuccess {String} id Unique ID of the User. * @apiSuccess {String} firstname Firstname of the User. * @apiSuccess {String} lastname Lastname of the User. * @apiSuccess {String} email Email of the User. @@ -24,22 +27,27 @@ user.get('/me', Authentication, profile); * @apiGroup User * @apiDescription Send only password and new_password to change the password. Otherwise they will be ignored. * - * @apiParam {String} Firstname New firstname. - * @apiParam {String} Lastname New lastname. - * @apiParam {String} Email New email address. - * @apiParam {String} Password Actual password. - * @apiParam {String} Password New password. + * @apiParam {String} firstname New firstname. (optional) + * @apiParam {String} lastname New lastname. (optional) + * @apiParam {String} email New email address. (optional) + * @apiParam {String} password Actual password. (optional) + * @apiParam {String} new_password New password (only if you passed password parameter). * - * @apiSuccess {Object} user User object. + * @apiSuccess {String} id Unique ID of the User. + * @apiSuccess {String} firstname Firstname of the User. + * @apiSuccess {String} lastname Lastname of the User. + * @apiSuccess {String} email Email of the User. */ -user.put('/me', Authentication, update); +user.put('/me', Authentication, UpdateValidation, update); /** * @api {delete} /user/me Delete account * @apiName DeleteUser * @apiGroup User + * + * @apiParam {String} password Account password. */ -user.delete('/me', Authentication, remove); +user.delete('/me', Authentication, DeleteValidation, remove); /** * @api {get} /user/me/notes Get all notes diff --git a/app/routes/user/update.js b/app/routes/user/update.js index 66c0e4b..3ebfab2 100644 --- a/app/routes/user/update.js +++ b/app/routes/user/update.js @@ -1,20 +1,45 @@ const mongoose = require('mongoose'); const jwt = require('jsonwebtoken'); +const bcrypt = require('bcrypt-nodejs'); module.exports = (req, res, next) => { const UserModel = mongoose.model('User'); const { user } = jwt.decode(req.headers.authorization); - return UserModel.findById(user.id, 'id firstname lastname email') - .lean() - .exec() - .then((result) => { - if (result === null) { - return next({ status: 401, message: 'User does not exists.' }); - } + return UserModel.findOne({ _id: user.id }, (err, userObj) => { + if (!userObj) { + return next({ status: 401, message: 'User does not exists.' }); + } - return res.status(200).json(result); - }) - .catch(() => next({ status: 401, message: 'User does not exists.' })); + if (req.body.password) { + bcrypt.compare(req.body.password, user.password, (error, result) => { + if (!result || error) { + return next( + { + status: 401, + message: 'Authentication failed. Wrong password.', + } + ); + } + + if (req.body.password === req.body.new_password) { + return next( + { + status: 401, + message: 'New password must be different than old password.', + } + ); + } + + userObj.password = bcrypt.hashSync(req.body.new_password); + }); + } else { + userObj.firstname = req.body.firstname || userObj.firstname; + userObj.lastname = req.body.lastname || userObj.lastname; + userObj.email = req.body.email || userObj.email; + } + + return userObj.save(() => res.status(200).json(userObj)); + }); };