add changePasssword mutation

2025-12-13 07:45:56 +00:00 · 2019-03-09 13:36:27 +03:00 · 2019-03-09 13:36:27 +03:00 · 82ae81d8fe
commit 82ae81d8fe
parent e60d098317
3 changed files with 64 additions and 10 deletions
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@ -56,9 +56,9 @@ const permissions = shield({
    CreateBadge: isAdmin,
    UpdateBadge: isAdmin,
    DeleteBadge: isAdmin,
-
    enable: isModerator,
-    disable: isModerator
+    disable: isModerator,
+    changePassword: isAuthenticated
    // addFruitToBasket: isAuthenticated
    // CreateUser: allow,
  },
--- a/src/resolvers/user_management.js
+++ b/src/resolvers/user_management.js
@ -30,22 +30,75 @@ export default {
      //   throw new Error('Already logged in.')
      // }
      const session = driver.session()
-      return session.run(
+      return session
+        .run(
          'MATCH (user:User {email: $userEmail}) ' +
-        'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1', {
+            'RETURN user {.id, .slug, .name, .avatar, .email, .password, .role} as user LIMIT 1',
+          {
            userEmail: email
-        })
-        .then(async (result) => {
+          }
+        )
+        .then(async result => {
          session.close()
          const [currentUser] = await result.records.map(function (record) {
            return record.get('user')
          })

-          if (currentUser && await bcrypt.compareSync(password, currentUser.password)) {
+          if (
+            currentUser &&
+            (await bcrypt.compareSync(password, currentUser.password))
+          ) {
            delete currentUser.password
            return encode(currentUser)
-          } else throw new AuthenticationError('Incorrect email address or password.')
+          } else {
+            throw new AuthenticationError(
+              'Incorrect email address or password.'
+            )
+          }
        })
+    },
+    changePassword: async (
+      _,
+      { oldPassword, newPassword },
+      { driver, user }
+    ) => {
+      const session = driver.session()
+      let result = await session.run(
+        `MATCH (user:User {email: $userEmail}) 
+         RETURN user {.id, .email, .password}`,
+        {
+          userEmail: user.email
+        }
+      )
+
+      const [currentUser] = result.records.map(function (record) {
+        return record.get('user')
+      })
+
+      if (!(await bcrypt.compareSync(oldPassword, currentUser.password))) {
+        throw new AuthenticationError('Old password isn\'t valid')
+      }
+
+      if (await bcrypt.compareSync(newPassword, currentUser.password)) {
+        throw new AuthenticationError(
+          'Old password and New password should not be same'
+        )
+      } else {
+        const newHashedPassword = await bcrypt.hashSync(newPassword, 10)
+        session.run(
+          `MATCH (user:User {email: $userEmail})
+           SET user.password = $newHashedPassword
+           RETURN user
+        `,
+          {
+            userEmail: user.email,
+            newHashedPassword
+          }
+        )
+        session.close()
+
+        return encode(currentUser)
+      }
    }
  }
 }
--- a/src/schema.graphql
+++ b/src/schema.graphql
@ -9,6 +9,7 @@ type Mutation {
  "Get a JWT Token for the given Email and password"
  login(email: String!, password: String!): String!
  signup(email: String!, password: String!): Boolean!
+  changePassword(oldPassword:String!, newPassword: String!): String!
  report(resource: Resource!, description: String): Report
  "Shout the given Type and ID"
  shout(id: ID!, type: ShoutTypeEnum): Boolean! @cypher(statement: """