HM-109. Добавлена ручка для смены пароля
@ -1,6 +1,6 @@
|
||||
import {Controller, Get, Req, Post, Options, Header, Delete, HttpCode, Put} from '@nestjs/common';
|
||||
|
||||
import { ApiResponse, ApiTags, ApiParam, ApiBody } from '@nestjs/swagger';
|
||||
import {ApiResponse, ApiTags, ApiParam, ApiBody} from '@nestjs/swagger';
|
||||
import {
|
||||
ALLOW_ORIGIN_ALL,
|
||||
ALLOW_METHOD,
|
||||
@ -9,14 +9,15 @@ import {
|
||||
ALLOW_HEADERS,
|
||||
USERS_CONTROLLER,
|
||||
} from '../consts';
|
||||
import { UserService } from './users.service';
|
||||
import {UserService} from './users.service';
|
||||
import {
|
||||
UserResponse,
|
||||
CreateUserRequest,
|
||||
UpdateUserRequest,
|
||||
UpdateUserSelf,
|
||||
ChangePasswordRequest,
|
||||
} from './users.schema';
|
||||
import { Request } from 'express';
|
||||
import {Request} from 'express';
|
||||
import {
|
||||
FIND_ALL_SUCCESS,
|
||||
FIND_ONE_SUCCESS,
|
||||
@ -31,6 +32,8 @@ import {
|
||||
REMOVE_NOT_FOUND,
|
||||
EDIT_ME_SUCCESS,
|
||||
EDIT_ME_NOT_VALID,
|
||||
CHANGE_PASSWORD_SUCCESS,
|
||||
CHANGE_PASSWORD_NOT_VALID,
|
||||
} from './users.responses';
|
||||
import {AuthService} from 'src/auth/auth.service';
|
||||
|
||||
@ -78,6 +81,10 @@ export class UsersController {
|
||||
@Header(...ALLOW_ORIGIN_ALL)
|
||||
@ApiResponse(EDIT_ME_SUCCESS)
|
||||
@ApiResponse(EDIT_ME_NOT_VALID)
|
||||
@ApiBody({
|
||||
type: UpdateUserSelf,
|
||||
description: 'Объект обновления пользователя',
|
||||
})
|
||||
async findEdit(@Req() request: Request<null, UpdateUserSelf>): Promise<UserResponse> {
|
||||
await this.authService.checkRequest(request);
|
||||
|
||||
@ -128,6 +135,21 @@ export class UsersController {
|
||||
return await this.userService.removeOne(request.params.login);
|
||||
}
|
||||
|
||||
@Post('change-password')
|
||||
@Header(...ALLOW_ORIGIN_ALL)
|
||||
@ApiResponse(CHANGE_PASSWORD_SUCCESS)
|
||||
@ApiResponse(CHANGE_PASSWORD_NOT_VALID)
|
||||
@ApiBody({
|
||||
type: ChangePasswordRequest,
|
||||
description: 'Объект изменения пароля',
|
||||
})
|
||||
async changePassword(@Req() request: Request<null, {old_password: string, new_password: string}>): Promise<string> {
|
||||
await this.authService.checkRequest(request);
|
||||
|
||||
const {headers, body} = request;
|
||||
return await this.userService.changePassword(headers.authorization, body.old_password, body.new_password);
|
||||
}
|
||||
|
||||
@Options([
|
||||
'', 'search/:login', ':login', 'me', 'edit-me'
|
||||
])
|
||||
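Review bot: `changePassword` in the controller types the request body only at compile time (`Request<null, {old_password: string, new_password: string}>`), so a missing, empty or non-string `new_password` reaches the service and the hash call unchecked. Bind the declared DTO instead, `@Body() body: ChangePasswordRequest`, and reject anything that is not a non-empty string meeting a length policy with a 400 before the database is touched; whether a validation pipe is enabled in this project is not visible here. The `@Options([...])` list after the handler still ends at `'edit-me'`, so the preflight for `change-password` looks unhandled. Because this route changes a credential, it is worth confirming that `@Header(...ALLOW_ORIGIN_ALL)` is intended for it.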
|
||||
@ -96,3 +96,15 @@ export const EDIT_ME_NOT_VALID: ApiResponseOptions = {
|
||||
description: 'Ошибка при попытке обновить пользователя с невалидными полями',
|
||||
type: Error,
|
||||
};
|
||||
|
||||
export const CHANGE_PASSWORD_SUCCESS: ApiResponseOptions = {
|
||||
status: 200,
|
||||
description: 'Возвращает "ok" при успешном изменении пароля',
|
||||
type: String,
|
||||
};
|
||||
|
||||
export const CHANGE_PASSWORD_NOT_VALID: ApiResponseOptions = {
|
||||
status: 400,
|
||||
description: 'Ошибка при не верном вводе старого пароля',
|
||||
type: Error,
|
||||
};
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
import { Prop, Schema, SchemaFactory } from '@nestjs/mongoose';
|
||||
import {Prop, Schema, SchemaFactory} from '@nestjs/mongoose';
|
||||
import {ApiProperty} from '@nestjs/swagger';
|
||||
import { Document } from 'mongoose';
|
||||
import {Document} from 'mongoose';
|
||||
|
||||
export class CreateUserRequest {
|
||||
@ApiProperty()
|
||||
@ -67,6 +67,14 @@ export class CheckAuthTokenRequest {
|
||||
agent: string;
|
||||
}
|
||||
|
||||
export class ChangePasswordRequest {
|
||||
@ApiProperty()
|
||||
old_password: string;
|
||||
|
||||
@ApiProperty()
|
||||
new_password: string;
|
||||
}
|
||||
|
||||
export class RefreshAuthRequest {
|
||||
@ApiProperty()
|
||||
refresh_token: string;
|
||||
@ -107,6 +115,11 @@ export class User extends Document {
|
||||
type: Boolean,
|
||||
})
|
||||
is_admin: boolean;
|
||||
|
||||
@Prop({
|
||||
type: String,
|
||||
})
|
||||
salt: string;
|
||||
}
|
||||
|
||||
@Schema()
|
||||
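Review bot: The new `salt` property on `User` persists a value that a bcrypt hash already carries inside itself, so it adds nothing to verification and is one more sensitive field that any handler returning the document could leak. I would drop it, or at least confirm that the mapping to `UserResponse` never copies it. `ChangePasswordRequest` carries only `@ApiProperty()`, which documents the fields but constrains nothing; a comment such as `// documentation only, values are validated in the controller` (or real validation decorators) would avoid a false impression of checking. The `User` class starts outside this hunk.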
|
||||
@ -216,4 +216,19 @@ export class UserService {
|
||||
login,
|
||||
});
|
||||
}
|
||||
|
||||
async changePassword(access_token: string, old_password: string, new_password: string): Promise<string> {
|
||||
const {login} = jwt.decode(access_token) as Token;
|
||||
const user = await this.userModel().findOne({login});
|
||||
if (user && await this.checkPassword(old_password, user.password)) {
|
||||
const salt = user.salt;
|
||||
const password = await bcrypt.hash(new_password, salt);
|
||||
await user.updateOne({
|
||||
password,
|
||||
});
|
||||
|
||||
return 'ok';
|
||||
}
|
||||
throw new BadRequestException('Unauthorized request');
|
||||
}
|
||||
}
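Review bot: `changePassword` in the service hashes the new password with the stored `user.salt`, so every password the account ever has is hashed under the same salt, whereas bcrypt expects a fresh salt per hash. Pass a cost factor so the library generates one, `const password = await bcrypt.hash(new_password, SALT_ROUNDS);` (`SALT_ROUNDS` is a placeholder for the project's cost setting). `jwt.decode` does not verify the signature and returns `null` for a malformed token, so the method is only safe after `authService.checkRequest` has run and the destructuring throws on `null`; state that precondition in a comment, or use `jwt.verify` here. Tokens issued before the change appear to remain valid afterwards, which is worth closing if the project keeps a token store.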
|
||||
12
users.http
12
users.http
@ -9,7 +9,7 @@ POST http://localhost:4002/users HTTP/1.1
|
||||
content-type: application/json
|
||||
|
||||
{
|
||||
"login": "gfhHfgDHDU89",
|
||||
"login": "string",
|
||||
"avatar": "string",
|
||||
"password": "string"
|
||||
}
|
||||
@ -63,3 +63,13 @@ Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6InN0cmluZyIsImFn
|
||||
{
|
||||
"avatar": "hui"
|
||||
}
|
||||
|
||||
###
|
||||
POST http://localhost:4002/users/change-password HTTP/1.1
|
||||
content-type: application/json
|
||||
Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dpbiI6InN0cmluZyIsImFnZW50IjoidnNjb2RlLXJlc3RjbGllbnQiLCJpYXQiOjE1OTY4OTE3NjIsImV4cCI6MTU5Njg5MTc4Mn0.u_sYoVdCPjioimDZ-m7j3wAvgvaiw-pAl-OL5ei87K8
|
||||
|
||||
{
|
||||
"old_password": "string32",
|
||||
"new_password": "string"
|
||||
}
|
||||
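Review bot: The new `change-password` request commits a complete signed JWT in its `Authorization` header, and the earlier request in this file carries one as well. Even an expired sample is a valid HS256 signature over known claims, which lets anyone with repository access check guesses at the signing secret offline, so tokens should stay out of version control. Use a REST Client variable instead, `Authorization: {{accessToken}}`, filled from a local untracked environment. If this token was signed with a secret used outside local development, that secret should be rotated.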
|
||||