Merge pull request #85 from vatesfr/changePassword

Password change API for any user. Related to xo-web issue#362
2015-09-14 16:34:45 +02:00
parent 5962283ad3 dba3e30d02
commit fd97541417
3 changed files with 31 additions and 2 deletions
--- a/src/api/user.js
+++ b/src/api/user.js
@@ -72,3 +72,17 @@ set.params = {
  password: { type: 'string', optional: true },
  permission: { type: 'string', optional: true }
 }
+
+export async function changePassword ({oldPassword, newPassword}) {
+  const id = this.session.get('user_id')
+  await this.changePassword(id, oldPassword, newPassword)
+}
+
+changePassword.description = 'change password after checking old password (user function)'
+
+changePassword.permission = ''
+
+changePassword.params = {
+  oldPassword: {type: 'string'},
+  newPassword: {type: 'string'}
+}
--- a/src/index.js
+++ b/src/index.js
@@ -335,7 +335,7 @@ const apiHelpers = {
    // Handles both properties and wrapped models.
    const properties = user.properties || user

-    return pick(properties, 'id', 'email', 'groups', 'permission')
+    return pick(properties, 'id', 'email', 'groups', 'permission', 'provider')
  },

  getServerPublicProperties (server) {
--- a/src/xo.js
+++ b/src/xo.js
@@ -28,7 +28,7 @@ import {autobind} from './decorators'
 import {generateToken} from './utils'
 import {Groups} from './models/group'
 import {Jobs} from './models/job'
-import {JsonRpcError, NoSuchObject} from './api-errors'
+import {InvalidCredential, JsonRpcError, NoSuchObject} from './api-errors'
 import {ModelAlreadyExists} from './collection'
 import {Remotes} from './models/remote'
 import {Schedules} from './models/schedule'
@@ -334,6 +334,21 @@ export default class Xo extends EventEmitter {
    })
  }

+  async changePassword (id, oldPassword, newPassword) {
+    const user = await this._getUser(id)
+
+    if (user.get('provider')) {
+      throw new Error('Password change is only for locally created users')
+    }
+
+    const auth = await user.checkPassword(oldPassword)
+    if (!auth) {
+      throw new InvalidCredential()
+    }
+    await user.setPassword(newPassword)
+    await this._users.save(user.properties)
+  }
+
  // -----------------------------------------------------------------

  async createGroup ({name}) {