From f37d20694386e59622fdfab586a9b580011efce6 Mon Sep 17 00:00:00 2001 From: Pitu Date: Thu, 28 Feb 2019 23:26:28 +0900 Subject: Change password and api keys --- src/api/routes/user/changePasswordPOST.js | 40 +++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 src/api/routes/user/changePasswordPOST.js (limited to 'src/api/routes/user/changePasswordPOST.js') diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js new file mode 100644 index 0000000..d73cff3 --- /dev/null +++ b/src/api/routes/user/changePasswordPOST.js @@ -0,0 +1,40 @@ +const Route = require('../../structures/Route'); +const log = require('../../utils/Log'); +const bcrypt = require('bcrypt'); +const moment = require('moment'); + +class changePasswordPOST extends Route { + constructor() { + super('/user/password/change', 'post'); + } + + async run(req, res, db, user) { + if (!req.body) return res.status(400).json({ message: 'No body provided' }); + const { password, newPassword } = req.body; + if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' }); + if (password === newPassword) return res.status(400).json({ message: 'Passwords have to be different' }); + + if (newPassword.length < 6 || newPassword.length > 64) { + return res.status(400).json({ message: 'Password must have 6-64 characters' }); + } + + let hash; + try { + hash = await bcrypt.hash(newPassword, 10); + } catch (error) { + log.error('Error generating password hash'); + log.error(error); + return res.status(401).json({ message: 'There was a problem processing your account' }); + } + + const now = moment.utc().toDate(); + await db.table('users').where('id', user.id).update({ + password: hash, + passwordEditedAt: now + }); + + return res.json({ message: 'The password was changed successfully' }); + } +} + +module.exports = changePasswordPOST; -- cgit v1.2.3 From 99bc74875edb44b4e679b17158511474cd575e10 Mon Sep 17 00:00:00 2001 From: Pitu Date: Sat, 2 Mar 2019 22:36:16 +0900 Subject: Various password fixes --- src/api/routes/user/changePasswordPOST.js | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/api/routes/user/changePasswordPOST.js') diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js index d73cff3..9cd621e 100644 --- a/src/api/routes/user/changePasswordPOST.js +++ b/src/api/routes/user/changePasswordPOST.js @@ -14,6 +14,12 @@ class changePasswordPOST extends Route { if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' }); if (password === newPassword) return res.status(400).json({ message: 'Passwords have to be different' }); + /* + Checks if the password is right + */ + const comparePassword = await bcrypt.compare(password, user.password); + if (!comparePassword) return res.status(401).json({ message: 'Current password is incorrect' }); + if (newPassword.length < 6 || newPassword.length > 64) { return res.status(400).json({ message: 'Password must have 6-64 characters' }); } -- cgit v1.2.3 From ad852de51a0d2dd5d29c08838d5a430c58849e74 Mon Sep 17 00:00:00 2001 From: Zephyrrus Date: Wed, 8 Jul 2020 04:00:12 +0300 Subject: chore: linter the entire project using the new rules --- src/api/routes/user/changePasswordPOST.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/api/routes/user/changePasswordPOST.js') diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js index 9cd621e..1b3a27a 100644 --- a/src/api/routes/user/changePasswordPOST.js +++ b/src/api/routes/user/changePasswordPOST.js @@ -1,7 +1,7 @@ -const Route = require('../../structures/Route'); -const log = require('../../utils/Log'); const bcrypt = require('bcrypt'); const moment = require('moment'); +const Route = require('../../structures/Route'); +const log = require('../../utils/Log'); class changePasswordPOST extends Route { constructor() { @@ -36,7 +36,7 @@ class changePasswordPOST extends Route { const now = moment.utc().toDate(); await db.table('users').where('id', user.id).update({ password: hash, - passwordEditedAt: now + passwordEditedAt: now, }); return res.json({ message: 'The password was changed successfully' }); -- cgit v1.2.3 From 90001c2df56d58e69fd199a518ae7f3e4ed327fc Mon Sep 17 00:00:00 2001 From: Zephyrrus Date: Thu, 24 Dec 2020 10:40:50 +0200 Subject: chore: remove trailing commas --- src/api/routes/user/changePasswordPOST.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/api/routes/user/changePasswordPOST.js') diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js index 1b3a27a..82bce40 100644 --- a/src/api/routes/user/changePasswordPOST.js +++ b/src/api/routes/user/changePasswordPOST.js @@ -36,7 +36,7 @@ class changePasswordPOST extends Route { const now = moment.utc().toDate(); await db.table('users').where('id', user.id).update({ password: hash, - passwordEditedAt: now, + passwordEditedAt: now }); return res.json({ message: 'The password was changed successfully' }); -- cgit v1.2.3