HM-109. Добавлена ручка для смены пароля
This commit is contained in:
vigdorov
@ -15,6 +15,7 @@ import {
|
|||||||
CreateUserRequest,
|
CreateUserRequest,
|
||||||
UpdateUserRequest,
|
UpdateUserRequest,
|
||||||
UpdateUserSelf,
|
UpdateUserSelf,
|
||||||
|
ChangePasswordRequest,
|
||||||
} from './users.schema';
|
} from './users.schema';
|
||||||
import {Request} from 'express';
|
import {Request} from 'express';
|
||||||
import {
|
import {
|
||||||
@ -31,6 +32,8 @@ import {
|
|||||||
REMOVE_NOT_FOUND,
|
REMOVE_NOT_FOUND,
|
||||||
EDIT_ME_SUCCESS,
|
EDIT_ME_SUCCESS,
|
||||||
EDIT_ME_NOT_VALID,
|
EDIT_ME_NOT_VALID,
|
||||||
|
CHANGE_PASSWORD_SUCCESS,
|
||||||
|
CHANGE_PASSWORD_NOT_VALID,
|
||||||
} from './users.responses';
|
} from './users.responses';
|
||||||
import {AuthService} from 'src/auth/auth.service';
|
import {AuthService} from 'src/auth/auth.service';
|
||||||
|
|
||||||
@ -78,6 +81,10 @@ export class UsersController {
|
|||||||
@Header(...ALLOW_ORIGIN_ALL)
|
@Header(...ALLOW_ORIGIN_ALL)
|
||||||
@ApiResponse(EDIT_ME_SUCCESS)
|
@ApiResponse(EDIT_ME_SUCCESS)
|
||||||
@ApiResponse(EDIT_ME_NOT_VALID)
|
@ApiResponse(EDIT_ME_NOT_VALID)
|
||||||
|
@ApiBody({
|
||||||
|
type: UpdateUserSelf,
|
||||||
|
description: 'Объект обновления пользователя',
|
||||||
|
})
|
||||||
async findEdit(@Req() request: Request<null, UpdateUserSelf>): Promise<UserResponse> {
|
async findEdit(@Req() request: Request<null, UpdateUserSelf>): Promise<UserResponse> {
|
||||||
await this.authService.checkRequest(request);
|
await this.authService.checkRequest(request);
|
||||||
|
|
||||||
@ -128,6 +135,21 @@ export class UsersController {
|
|||||||
return await this.userService.removeOne(request.params.login);
|
return await this.userService.removeOne(request.params.login);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Post('change-password')
|
||||||
|
@Header(...ALLOW_ORIGIN_ALL)
|
||||||
|
@ApiResponse(CHANGE_PASSWORD_SUCCESS)
|
||||||
|
@ApiResponse(CHANGE_PASSWORD_NOT_VALID)
|
||||||
|
@ApiBody({
|
||||||
|
type: ChangePasswordRequest,
|
||||||
|
description: 'Объект изменения пароля',
|
||||||
|
})
|
||||||
|
async changePassword(@Req() request: Request<null, {old_password: string, new_password: string}>): Promise<string> {
|
||||||
|
await this.authService.checkRequest(request);
|
||||||
|
|
||||||
|
const {headers, body} = request;
|
||||||
|
return await this.userService.changePassword(headers.authorization, body.old_password, body.new_password);
|
||||||
|
}
|
||||||
|
|
||||||
@Options([
|
@Options([
|
||||||
'', 'search/:login', ':login', 'me', 'edit-me'
|
'', 'search/:login', ':login', 'me', 'edit-me'
|
||||||
])
|
])
|
||||||
|
|||||||
@ -96,3 +96,15 @@ export const EDIT_ME_NOT_VALID: ApiResponseOptions = {
|
|||||||
description: 'Ошибка при попытке обновить пользователя с невалидными полями',
|
description: 'Ошибка при попытке обновить пользователя с невалидными полями',
|
||||||
type: Error,
|
type: Error,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export const CHANGE_PASSWORD_SUCCESS: ApiResponseOptions = {
|
||||||
|
status: 200,
|
||||||
|
description: 'Возвращает "ok" при успешном изменении пароля',
|
||||||
|
type: String,
|
||||||
|
};
|
||||||
|
|
||||||
|
export const CHANGE_PASSWORD_NOT_VALID: ApiResponseOptions = {
|
||||||
|
status: 400,
|
||||||
|
description: 'Ошибка при не верном вводе старого пароля',
|
||||||
|
type: Error,
|
||||||
|
};
|
||||||
|
|||||||
@ -67,6 +67,14 @@ export class CheckAuthTokenRequest {
|
|||||||
agent: string;
|
agent: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export class ChangePasswordRequest {
|
||||||
|
@ApiProperty()
|
||||||
|
old_password: string;
|
||||||
|
|
||||||
|
@ApiProperty()
|
||||||
|
new_password: string;
|
||||||
|
}
|
||||||
|
|
||||||
export class RefreshAuthRequest {
|
export class RefreshAuthRequest {
|
||||||
@ApiProperty()
|
@ApiProperty()
|
||||||
refresh_token: string;
|
refresh_token: string;
|
||||||
@ -107,6 +115,11 @@ export class User extends Document {
|
|||||||
type: Boolean,
|
type: Boolean,
|
||||||
})
|
})
|
||||||
is_admin: boolean;
|
is_admin: boolean;
|
||||||
|
|
||||||
|
@Prop({
|
||||||
|
type: String,
|
||||||
|
})
|
||||||
|
salt: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Schema()
|
@Schema()
|
||||||
|
|||||||
@ -216,4 +216,19 @@ export class UserService {
|
|||||||
login,
|
login,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async changePassword(access_token: string, old_password: string, new_password: string): Promise<string> {
|
||||||
|
const {login} = jwt.decode(access_token) as Token;
|
||||||
|
const user = await this.userModel().findOne({login});
|
||||||
|
if (user && await this.checkPassword(old_password, user.password)) {
|
||||||
|
const salt = user.salt;
|
||||||
|
const password = await bcrypt.hash(new_password, salt);
|
||||||
|
await user.updateOne({
|
||||||
|
password,
|
||||||
|
});
|
||||||
|
|
||||||
|
return 'ok';
|
||||||
|
}
|
||||||
|
throw new BadRequestException('Unauthorized request');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
12
users.http
12
users.http
@ -9,7 +9,7 @@ POST http://localhost:4002/users HTTP/1.1
|
|||||||
content-type: application/json
|
content-type: application/json
|
||||||
|
|
||||||
{
|
{
|
||||||
"login": "gfhHfgDHDU89",
|
"login": "string",
|
||||||
"avatar": "string",
|
"avatar": "string",
|
||||||
"password": "string"
|
"password": "string"
|
||||||
}
|
}
|
||||||
@ -63,3 +63,13 @@ Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6InN0cmluZyIsImFn
|
|||||||
{
|
{
|
||||||
"avatar": "hui"
|
"avatar": "hui"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
###
|
||||||
|
POST http://localhost:4002/users/change-password HTTP/1.1
|
||||||
|
content-type: application/json
|
||||||
|
Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6InN0cmluZyIsImFnZW50IjoidnNjb2RlLXJlc3RjbGllbnQiLCJpYXQiOjE1OTY4OTE3NjIsImV4cCI6MTU5Njg5MTc4Mn0.u_sYoVdCPjioimDZ-m7j3wAvgvaiw-pAl-OL5ei87K8
|
||||||
|
|
||||||
|
{
|
||||||
|
"old_password": "string32",
|
||||||
|
"new_password": "string"
|
||||||
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user