update username, password

2025-12-17 14:47:53 +01:00 · 2016-03-12 23:32:20 -08:00
parent 13a86c3858
commit 46322cfd38
5 changed files with 229 additions and 3 deletions
--- a/website/src/controllers/api-v3/user.js
+++ b/website/src/controllers/api-v3/user.js
@@ -42,6 +42,95 @@ api.getUser = {
  },
 };

+/**
+ * @api {post} /user/update-password
+ * @apiVersion 3.0.0
+ * @apiName updatePassword
+ * @apiGroup User
+ * @apiParam {string} password The old password
+ * @apiParam {string} newPassword The new password
+ * @apiParam {string} confirmPassword Password confirmation
+ * @apiSuccess {Object} The success message
+ **/
+api.updatePassword = {
+  method: 'POST',
+  middlewares: [authWithHeaders(), cron],
+  url: '/user/update-password',
+  async handler (req, res) {
+    let user = res.locals.user;
+
+    if (!user.auth.local.hashed_password) throw new BadRequest(res.t('userHasNoLocalRegistration'));
+
+    let oldPassword = passwordUtils.encrypt(req.body.password, user.auth.local.salt);
+    if (oldPassword !== user.auth.local.hashed_password) throw new NotAuthorized(res.t('wrongPassword'));
+
+    req.checkBody({
+      password: {
+        notEmpty: {errorMessage: res.t('missingNewPassword')},
+      },
+      newPassword: {
+        notEmpty: {errorMessage: res.t('missingPassword')},
+      },
+    });
+
+    if (req.body.newPassword !== req.body.confirmPassword) throw new NotAuthorized(res.t('passwordConfirmationMatch'));
+
+    user.auth.local.hashed_password = passwordUtils.encrypt(req.body.newPassword, user.auth.local.salt); // eslint-disable-line camelcase
+    user.save();
+
+    res.send(200, { message: res.t('passwordSaved') });
+  },
+};
+
+/**
+ * @api {post} /user/update-username
+ * @apiVersion 3.0.0
+ * @apiName updateUsername
+ * @apiGroup User
+ * @apiParam {string} password The password
+ * @apiParam {string} username New username
+ * @apiSuccess {Object} The new username
+ **/
+api.updateUsername = {
+  method: 'POST',
+  middlewares: [authWithHeaders(), cron],
+  url: '/user/update-username',
+  async handler (req, res) {
+    let user = res.locals.user;
+
+    req.checkBody({
+      password: {
+        notEmpty: {errorMessage: res.t('missingPassword')},
+      },
+      username: {
+        notEmpty: { errorMessage: res.t('missingUsername') },
+      },
+    });
+
+    let validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
+    if (!user.auth.local.username) throw new BadRequest(res.t('userHasNoLocalRegistration'));
+
+    let oldPassword = passwordUtils.encrypt(req.body.password, user.auth.local.salt);
+    if (oldPassword !== user.auth.local.hashed_password) throw new NotAuthorized(res.t('wrongPassword'));
+
+    // check username already exists
+    let candidateUser = await User.findOne({
+      'auth.local.username': req.body.username,
+    }, {'auth.local': 1}).exec();
+    if (candidateUser) throw new BadRequest(res.t('usernameTaken'));
+
+    // save username
+    user.auth.local.lowerCaseUsername = req.body.username.toLowerCase();
+    user.auth.local.username = req.body.username;
+    user.save();
+
+    res.send(200, { username: req.body.username });
+  },
+};
+
+
 /**
 * @api {post} /user/update-email
 * @apiVersion 3.0.0