From 82ae81d8fe24f3c88c238d7f9a458145e9fe0ec6 Mon Sep 17 00:00:00 2001
From: kachulio1
Date: Sat, 9 Mar 2019 13:36:27 +0300
Subject: [PATCH] add changePasssword mutation
---
 src/middleware/permissionsMiddleware.js | 4 +-
 src/resolvers/user_management.js | 69 ++++++++++++++++++++++---
 src/schema.graphql | 1 +
 3 files changed, 64 insertions(+), 10 deletions(-)
diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js
index 7fb6e75b8..434b97200 100644
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@@ -56,9 +56,9 @@ const permissions = shield({
 CreateBadge: isAdmin,
 UpdateBadge: isAdmin,
 DeleteBadge: isAdmin,
- enable: isModerator,
- disable: isModerator
+ disable: isModerator,
+ changePassword: isAuthenticated
 // addFruitToBasket: isAuthenticated
 // CreateUser: allow,
 },
diff --git a/src/resolvers/user_management.js b/src/resolvers/user_management.js
index ec4ae7ce2..3a7698e24 100644
--- a/src/resolvers/user_management.js
+++ b/src/resolvers/user_management.js
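Review bot: The reordering drops the `enable: isModerator` rule entirely — only `disable` and the new `changePassword` survive on the new side — so the `enable` mutation is no longer covered by this shield unless a deny-by-default fallback rule is configured elsewhere, which the hunk does not show. If the removal is unintended, restore `enable: isModerator,` next to `disable: isModerator,`; if `enable` was deliberately removed from the schema, the commit message should say so since the diffstat shows no matching schema change. The shield object starts outside the hunk.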
@@ -30,22 +30,75 @@ export default {
 // throw new Error('Already logged in.')
 // }
 const session = driver.session()
- return session.run(
- 'MATCH (user:User {email: $userEmail}) ' +
- 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', {
- userEmail: email
- })
- .then(async (result) => {
+ return session
+ .run(
+ 'MATCH (user:User {email: $userEmail}) ' +
+ 'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
+ {
+ userEmail: email
+ }
+ )
+ .then(async result => {
 session.close()
 const [currentUser] = await result.records.map(function (record) {
 return record.get('user')
 })
- if (currentUser && await bcrypt.compareSync(password, currentUser.password)) {
+ if (
+ currentUser &&
+ (await bcrypt.compareSync(password, currentUser.password))
+ ) {
 delete currentUser.password
 return encode(currentUser)
- } else throw new AuthenticationError('Incorrect email address or password.')
+ } else {
+ throw new AuthenticationError(
+ 'Incorrect email address or password.'
+ )
+ }
 })
+ },
+ changePassword: async (
+ _,
+ { oldPassword, newPassword },
+ { driver, user }
+ ) => {
+ const session = driver.session()
+ let result = await session.run(
+ `MATCH (user:User {email: $userEmail})
+ RETURN user {.id, .email, .password}`,
+ {
+ userEmail: user.email
+ }
+ )
+
+ const [currentUser] = result.records.map(function (record) {
+ return record.get('user')
+ })
+
+ if (!(await bcrypt.compareSync(oldPassword, currentUser.password))) {
+ throw new AuthenticationError('Old password isn\'t valid')
+ }
+
+ if (await bcrypt.compareSync(newPassword, currentUser.password)) {
+ throw new AuthenticationError(
+ 'Old password and New password should not be same'
+ )
+ } else {
+ const newHashedPassword = await bcrypt.hashSync(newPassword, 10)
+ session.run(
+ `MATCH (user:User {email: $userEmail})
+ SET user.password = $newHashedPassword
+ RETURN user
+ `,
+ {
+ userEmail: user.email,
+ newHashedPassword
+ }
+ )
+ session.close()
+
+ return encode(currentUser)
+ }
 }
 }
 }
diff --git a/src/schema.graphql b/src/schema.graphql
index 0cf099411..b6abd8f81 100644
--- a/src/schema.graphql
+++ b/src/schema.graphql
@@ -9,6 +9,7 @@ type Mutation {
 "Get a JWT Token for the given Email and password"
 login(email: String!, password: String!): String!
 signup(email: String!, password: String!): Boolean!
+ changePassword(oldPassword:String!, newPassword: String!): String!
 report(resource: Resource!, description: String): Report
 "Shout the given Type and ID"
 shout(id: ID!, type: ShoutTypeEnum): Boolean! @cypher(statement: """
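Review bot: `changePassword` hands `currentUser` to `encode(...)` while it still holds the `password` field selected by the first query, so the stored bcrypt hash is written into the JWT payload, which is only base64-encoded and readable by anyone holding the token; `login` in the same hunk avoids this with `delete currentUser.password` before `encode`. The `SET user.password` query is also issued without `await`, `session.close()` runs right after it, and the two `throw` paths leave the session open, so the new hash may never be committed and a session leaks on every rejected attempt. `currentUser` is dereferenced without a guard, so a token whose user no longer exists turns into a TypeError instead of an AuthenticationError, and the `await` around `compareSync`/`hashSync` does nothing because those calls are synchronous and block the event loop on the request path; `bcrypt.compare`/`bcrypt.hash` are the async forms. The token is built from `{.id, .email, .password}` rather than the `.slug, .name, .avatar, .role` projection `login` uses, which presumably changes the claims downstream consumers see — worth confirming against `encode`. The enclosing `export default {` object starts outside the hunk.
```javascript
  changePassword: async (_, { oldPassword, newPassword }, { driver, user }) => {
    const session = driver.session()
    try {
      const result = await session.run(
        `MATCH (user:User {email: $userEmail})
        RETURN user {.id, .email, .password}`,
        { userEmail: user.email }
      )
      const [currentUser] = result.records.map(record => record.get('user'))
      if (!currentUser) {
        throw new AuthenticationError('Incorrect email address or password.')
      }
      if (!(await bcrypt.compare(oldPassword, currentUser.password))) {
        throw new AuthenticationError('Old password isn\'t valid')
      }
      if (await bcrypt.compare(newPassword, currentUser.password)) {
        throw new AuthenticationError(
          'Old password and New password should not be same'
        )
      }
      const newHashedPassword = await bcrypt.hash(newPassword, 10)
      // Await the write so a failed update surfaces to the caller instead of being lost
      await session.run(
        `MATCH (user:User {email: $userEmail})
        SET user.password = $newHashedPassword
        RETURN user`,
        { userEmail: user.email, newHashedPassword }
      )
      // Never place the password hash into the token payload
      delete currentUser.password
      return encode(currentUser)
    } finally {
      session.close()
    }
  }
```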
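Review bot: `changePassword` is the only mutation in this group without a description string, while `login` directly above documents what it returns; adding `"Change the password of the authenticated user; returns a new JWT"` keeps the schema self-describing (the resolver in user_management.js returns `encode(currentUser)`, so a token is presumably what callers receive). The argument list also mixes `oldPassword:String!` with `newPassword: String!`; `oldPassword: String!` matches the surrounding fields.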