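// Change user's password.
// Express/LoopBack route: the caller must already hold a valid access token,
// resolved into req.accessToken by token middleware outside this snippet.
// The account being changed is always the token's owner; nothing in the body
// selects the account.
app.post('/change-password', function(req, res, next) {
  var User = app.models.user;
  // req.body is untrusted; default it so a missing body cannot throw below.
  var body = req.body || {};

  // Unauthenticated callers get 401 before anything is looked up.
  if (!req.accessToken) return res.sendStatus(401);

  // Verify the new password is a non-empty string and matches its confirmation.
  // The string check also rejects object-valued JSON (e.g. {"password": {}})
  // that a JSON body parser would otherwise hand straight to the model.
  // Note: res.sendStatus() takes a single status argument, so the original
  // `sendStatus(400, new Error(...))` silently dropped the message; send it
  // explicitly instead.
  if (typeof body.password !== 'string' || body.password.length === 0 ||
      body.password !== body.confirmation) {
    return res.status(400).json({error: 'Passwords do not match'});
  }

  User.findById(req.accessToken.userId, function(err, user) {
    // A lookup error is a server-side failure, not "not found"; hand it to the
    // Express error handler. A missing user (token for a deleted account) is the
    // real 404 — the original dereferenced `user` without this check and would
    // have thrown a TypeError.
    if (err) return next(err);
    if (!user) return res.sendStatus(404);

    // hasPassword() compares the supplied current password against the stored
    // hash. A comparison error is surfaced rather than ignored; a mismatch is 401.
    user.hasPassword(body.oldPassword, function(err, isMatch) {
      if (err) return next(err);
      if (!isMatch) return res.sendStatus(401);

      // NOTE(review): this stores the plain value and relies on the model's
      // password setter to hash it — confirm against the LoopBack version in use.
      // NOTE(review): nothing here revokes the user's other access tokens after
      // the change; decide whether the model's hooks do that or it belongs here.
      user.updateAttribute('password', body.password, function(err) {
        if (err) return next(err);
        console.log('> password change request processed successfully');
        res.status(200).json({msg: 'password change request processed successfully'});
      });
    });
  });
});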
// Hash the plain password
// NOTE(review): LoopBack's User model is expected to hash `password` in the
// property setter when updateAttribute() assigns it, so hashing here first may
// double-hash on versions whose setter does not detect an already-hashed
// value — confirm against the LoopBack version in use before adopting this.
user.updateAttribute('password', User.hashPassword(req.body.password), function(err, user) {
...
});
- module.exports = function (MyUserModel) {
- ...
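/**
 * Remote method: lets the currently logged-in user change his/her password.
 *
 * The account is always the owner of the access token on `ctx`; `emailVerify`
 * is an extra confirmation that the caller knows whose password is being
 * changed, never an alternative way to select an account.
 *
 * @param {object} ctx          LoopBack remoting context (ctx.req.accessToken is read).
 * @param {string} emailVerify  E-mail that must belong to the token's user.
 * @param {string} oldPassword  Current password, checked against the stored hash.
 * @param {string} newPassword  Replacement password (non-empty string).
 * @param {function} cb         Node-style callback: cb(err) or cb(null, true).
 *
 * Errors reported through cb carry `statusCode` (HTTP status LoopBack maps to)
 * and `code` (what clients switch on).
 */
MyUserModel.updatePassword = function (ctx, emailVerify, oldPassword, newPassword, cb) {
  // Builds the error objects this method reports to the remote caller.
  function remoteError(message, code, statusCode) {
    var e = new Error(message);
    e.statusCode = statusCode;
    e.code = code;
    return e;
  }

  try {
    // The ACL is expected to reject unauthenticated calls before this runs;
    // the check keeps a missing token from surfacing as a TypeError/500.
    // 'AUTHORIZATION_REQUIRED' is the code LoopBack itself uses for this case.
    var token = ctx && ctx.req && ctx.req.accessToken;
    if (!token) {
      return cb(remoteError('Authorization Required', 'AUTHORIZATION_REQUIRED', 401));
    }

    // Only a string can match the stored e-mail; rejecting other types also
    // keeps object-valued input (where-clause operators) out of the query.
    if (typeof emailVerify !== 'string') {
      return cb(remoteError("No match between provided current logged user and email",
        'LOGIN_FAILED_EMAIL', 401));
    }

    // Validate the new password up front (the original TODO). Further policy
    // checks (length, complexity) belong here as well.
    // 'INVALID_PASSWORD' / 422 mirrors the code LoopBack's own password
    // validation uses.
    if (typeof newPassword !== 'string' || newPassword.length === 0) {
      return cb(remoteError('Invalid password', 'INVALID_PASSWORD', 422));
    }

    this.findOne({where: {id: token.userId, email: emailVerify}}, function (err, user) {
      if (err) return cb(err);
      if (!user) {
        return cb(remoteError("No match between provided current logged user and email",
          'LOGIN_FAILED_EMAIL', 401));
      }

      // Compare the supplied current password against the stored hash. A
      // comparison error is surfaced instead of being folded into "wrong password".
      user.hasPassword(oldPassword, function (err, isMatch) {
        if (err) return cb(err);
        if (!isMatch) {
          return cb(remoteError('User specified wrong current password !',
            'LOGIN_FAILED_PWD', 401));
        }

        // NOTE(review): relies on the model's password setter to hash the
        // plain value on assignment — confirm against the LoopBack version in use.
        user.updateAttributes({'password': newPassword}, function (err) {
          if (err) return cb(err);
          cb(null, true);
        });
      });
    });
  } catch (err) {
    // Only synchronous throws land here; errors inside the callbacks above are
    // routed through cb directly.
    logger.error(err);
    cb(err);
  }
};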
// Remote-method metadata for updatePassword: exposed over HTTP as PUT, with the
// remoting context passed in as `ctx` and the three user-supplied strings
// declared as required. The method answers with a single boolean.
var updatePasswordRemoteOptions = {
  description: "Allows a logged user to change his/her password.",
  http: {verb: 'put'},
  accepts: [
    // Injected by LoopBack, not sent by the client.
    {arg: 'ctx', type: 'object', http: {source: 'context'}},
    {arg: 'emailVerify', type: 'string', required: true, description: "The user email, just for verification"},
    {arg: 'oldPassword', type: 'string', required: true, description: "The user old password"},
    {arg: 'newPassword', type: 'string', required: true, description: "The user NEW password"}
  ],
  returns: {arg: 'passwordChange', type: 'boolean'}
};

MyUserModel.remoteMethod('updatePassword', updatePasswordRemoteOptions);
- ...
- };
- {
- "name": "MyUserModel",
- "base": "User",
- ...
- "acls": [
- ...
- {
- "comment":"allow authenticated users to change their password",
- "accessType": "EXECUTE",
- "property":"updatePassword",
- "principalType": "ROLE",
- "principalId": "$authenticated",
- "permission": "ALLOW"
- }
- ...
- ],
- ...
- }