add changePasssword mutation

src/middleware/permissionsMiddleware.js

@@ -56,9 +56,9 @@ const permissions = shield({
     CreateBadge: isAdmin,
     UpdateBadge: isAdmin,
     DeleteBadge: isAdmin,
-
     enable: isModerator,
-    disable: isModerator
+    disable: isModerator,
+    changePassword: isAuthenticated
     // addFruitToBasket: isAuthenticated
     // CreateUser: allow,
   },

src/resolvers/user_management.js

@@ -30,22 +30,75 @@ export default {
       //   throw new Error('Already logged in.')
       // }
       const session = driver.session()
-      return session.run(
+      return session
-        'MATCH (user:User {email: $userEmail}) ' +
+        .run(
-        'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', {
+          'MATCH (user:User {email: $userEmail}) ' +
-          userEmail: email
+            'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
-        })
+          {
-        .then(async (result) => {
+            userEmail: email
+          }
+        )
+        .then(async result => {
           session.close()
           const [currentUser] = await result.records.map(function (record) {
             return record.get('user')
           })
 
-          if (currentUser && await bcrypt.compareSync(password, currentUser.password)) {
+          if (
+            currentUser &&
+            (await bcrypt.compareSync(password, currentUser.password))
+          ) {
             delete currentUser.password
             return encode(currentUser)
-          } else throw new AuthenticationError('Incorrect email address or password.')
+          } else {
+            throw new AuthenticationError(
+              'Incorrect email address or password.'
+            )
+          }
         })
+    },
+    changePassword: async (
+      _,
+      { oldPassword, newPassword },
+      { driver, user }
+    ) => {
+      const session = driver.session()
+      let result = await session.run(
+        `MATCH (user:User {email: $userEmail}) 
+         RETURN user {.id, .email, .password}`,
+        {
+          userEmail: user.email
+        }
+      )
+
+      const [currentUser] = result.records.map(function (record) {
+        return record.get('user')
+      })
+
+      if (!(await bcrypt.compareSync(oldPassword, currentUser.password))) {
+        throw new AuthenticationError('Old password isn\'t valid')
+      }
+
+      if (await bcrypt.compareSync(newPassword, currentUser.password)) {
+        throw new AuthenticationError(
+          'Old password and New password should not be same'
+        )
+      } else {
+        const newHashedPassword = await bcrypt.hashSync(newPassword, 10)
+        session.run(
+          `MATCH (user:User {email: $userEmail})
+           SET user.password = $newHashedPassword
+           RETURN user
+        `,
+          {
+            userEmail: user.email,
+            newHashedPassword
+          }
+        )
+        session.close()
+
+        return encode(currentUser)
+      }
     }
   }
 }

src/schema.graphql

@@ -9,6 +9,7 @@ type Mutation {
   "Get a JWT Token for the given Email and password"
   login(email: String!, password: String!): String!
   signup(email: String!, password: String!): Boolean!
+  changePassword(oldPassword:String!, newPassword: String!): String!
   report(resource: Resource!, description: String): Report
   "Shout the given Type and ID"
   shout(id: ID!, type: ShoutTypeEnum): Boolean! @cypher(statement: """