Password change API for any user. Related to xo-web issue#362

src/api/user.js

@@ -72,3 +72,15 @@ set.params = {
   password: { type: 'string', optional: true },
   permission: { type: 'string', optional: true }
 }
+
+export async function changePassword ({id, oldPassword, newPassword}) {
+  await this.changePassword(id, oldPassword, newPassword)
+}
+
+changePassword.description = 'change password after checking old password (user function)'
+
+changePassword.params = {
+  id: {type: 'string'},
+  oldPassword: {type: 'string'},
+  newPassword: {type: 'string'}
+}

src/xo.js

@@ -28,7 +28,7 @@ import {autobind} from './decorators'
 import {generateToken} from './utils'
 import {Groups} from './models/group'
 import {Jobs} from './models/job'
-import {JsonRpcError, NoSuchObject} from './api-errors'
+import {InvalidCredential, JsonRpcError, NoSuchObject} from './api-errors'
 import {ModelAlreadyExists} from './collection'
 import {Remotes} from './models/remote'
 import {Schedules} from './models/schedule'
@@ -334,6 +334,17 @@ export default class Xo extends EventEmitter {
     })
   }
 
+  async changePassword (id, oldPassword, newPassword) {
+    const user = await this._getUser(id)
+
+    const auth = await user.checkPassword(oldPassword)
+    if (!auth) {
+      throw new InvalidCredential()
+    }
+    await user.setPassword(newPassword)
+    return await this._users.save(user.properties)
+  }
+
   // -----------------------------------------------------------------
 
   async createGroup ({name}) {