Allow users to change their password (#25)

* implement change password functionality * format with prettier * remove comments * get user from request * add exceptions * remove test code * Refactor code --------- Co-authored-by: Negin Moshki <neginmoshki@gmail.com> Co-authored-by: Florian Raith <florianraith00@gmail.com> Co-authored-by: Marius Friess <34072851+mariusfriess@users.noreply.github.com>

Allow users to change their password (#25)
f1dc6960 · Negin Moshki · GitHub · 13de7650 · f1dc6960 · f1dc6960
Unverified Commit f1dc6960 authored 1 year ago by Negin Moshki Committed by GitHub 1 year ago
--- a/src/auth/auth.dto.ts
+++ b/src/auth/auth.dto.ts
@@ -35,7 +35,7 @@ export class RegisterUser {
  password: string;

  @IsNotEmpty({
-    message: 'Passwort darf nicht leer sein',
+    message: 'Passwörter müssen übereinstimmen',
  })
  @Match('password', {
    message: 'Passwörter müssen übereinstimmen',
@@ -60,6 +60,29 @@ export class LoginUser {
  password: string;
 }

+export class ChangePassword {
+  @IsNotEmpty({
+    message: 'Bitte gib dein aktuelles Passwort ein',
+  })
+  currentPassword: string;
+
+  @IsNotEmpty({
+    message: 'Das neue Passwort darf nicht leer sein',
+  })
+  @MinLength(8, {
+    message: 'Passwort muss mindestens 8 Zeichen lang sein',
+  })
+  newPassword: string;
+
+  @IsNotEmpty({
+    message: 'Passwörter müssen übereinstimmen',
+  })
+  @Match('newPassword', {
+    message: 'Passwörter müssen übereinstimmen',
+  })
+  confirmNewPassword: string;
+}
+
 export interface AuthPayload {
  token: string;
  user: User;

--- a/src/user/user.controller.ts
+++ b/src/user/user.controller.ts
-import { Body, Controller, Get, Post, Put, UseGuards } from '@nestjs/common';
+import {
+  Body,
+  Controller,
+  Get,
+  Post,
+  Put,
+  UnprocessableEntityException,
+  UseGuards,
+} from '@nestjs/common';
 import { AdminGuard } from '../common/guards/admin.guard';
 import { AuthGuard } from '../auth/auth.guard';
 import { UserService } from './user.service';
+import { AuthService } from '../auth/auth.service';
+import { ChangePassword } from '../auth/auth.dto';
+import * as bcrypt from 'bcrypt';

 export type EditUser = {
  id: number;
@@ -12,7 +23,10 @@ export type EditUser = {

 @Controller('user')
 export class UserController {
-  constructor(private readonly userService: UserService) {}
+  constructor(
+    private readonly userService: UserService,
+    private readonly authService: AuthService,
+  ) {}

  @UseGuards(AuthGuard, AdminGuard)
  @Get('findAll')
@@ -31,4 +45,25 @@ export class UserController {
  public async changeUserData(@Body() data: EditUser): Promise<boolean> {
    return this.userService.changeUserData(data);
  }
+
+  @UseGuards(AuthGuard)
+  @Post('changePassword')
+  public async changePassword(@Body() data: ChangePassword) {
+    const user = await this.authService.user();
+
+    const passwordValid = await bcrypt.compare(
+      data.currentPassword,
+      user.password,
+    );
+
+    if (!passwordValid) {
+      throw new UnprocessableEntityException([
+        ['currentPassword', 'Das aktuelle Passwort ist falsch'],
+      ]);
+    }
+
+    await this.userService.changePassword(user, data.newPassword);
+
+    return true;
+  }
 }
--- a/src/user/user.service.ts
+++ b/src/user/user.service.ts
@@ -46,6 +46,11 @@ export class UserService {
    return user;
  }

+  public async changePassword(user: User, password: string): Promise<void> {
+    user.password = await bcrypt.hash(password, UserService.SALT_OR_ROUNDS);
+    await this.em.persistAndFlush(user);
+  }
+
  public async delete(id: number): Promise<void> {
    await this.repository.nativeDelete({ id });
  }