add setpassword function
backend is #68 ready
@@ -168,23 +168,23 @@ app.post("/API/user/login", passport.authenticate('local-login'), function (req,
|
||||
app.delete("/API/user/logout", function (req, res) {
|
||||
req.logout();
|
||||
return res.status(status.OK).send("logout success");
|
||||
});
|
||||
}); !!
|
||||
|
||||
app.put("/API/user/create", function (req, res) {
|
||||
let { email, password } = req.body;
|
||||
if (email && password) {
|
||||
email = mysql.escape(email);
|
||||
password = mysql.escape(bcrypt.hashSync(password, saltRounds));
|
||||
if (DEBUG) return res.status(status.OK).send();
|
||||
connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
|
||||
if (err)
|
||||
return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
|
||||
return res.status(status.OK).send("account successfully created");
|
||||
});
|
||||
} else {
|
||||
return res.status(status.BAD_REQUEST).send("invalid data supplied");
|
||||
}
|
||||
});
|
||||
app.put("/API/user/create", function (req, res) {
|
||||
let { email, password } = req.body;
|
||||
if (email && password) {
|
||||
email = mysql.escape(email);
|
||||
password = mysql.escape(bcrypt.hashSync(password, saltRounds));
|
||||
if (DEBUG) return res.status(status.OK).send();
|
||||
connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
|
||||
if (err)
|
||||
return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
|
||||
return res.status(status.OK).send("account successfully created");
|
||||
});
|
||||
} else {
|
||||
return res.status(status.BAD_REQUEST).send("invalid data supplied");
|
||||
}
|
||||
});
|
||||
|
||||
app.all("*", function (req, res, next) {
|
||||
if (req.isAuthenticated()) {
|
||||
@@ -293,7 +293,7 @@ app.get('/API/resourcelist', function (req, res) {
|
||||
return res.send(resourceList);
|
||||
});
|
||||
|
||||
app.post("/API/user/setname", function (req, res) {
|
||||
app.post("/API/user/setname", async function (req, res) {
|
||||
let { email, password } = req.body;
|
||||
if (email && password) {
|
||||
if (DEBUG) return res.status(status.OK).send();
|
||||
@@ -314,4 +314,24 @@ app.post("/API/user/setname", function (req, res) {
|
||||
}
|
||||
});
|
||||
|
||||
app.post("/API/user/setpassword", async function (req, res) {
|
||||
let { oldpassword, newpassword } = req.body;
|
||||
if (oldpassword && newpassword) {
|
||||
if (DEBUG) return res.status(status.OK).send();
|
||||
try {
|
||||
if (!await validatePassword(req.user.email, oldpassword))
|
||||
return res.status(status.UNAUTHORIZED).send("wrong password supplied");
|
||||
} catch (e) {
|
||||
return res.status(status.INTERNAL_SERVER_ERROR).send(e);
|
||||
}
|
||||
connection.query(`UPDATE user SET password = ${mysql.escape(bcrypt.hashSync(newpassword, saltRounds))} WHERE email = ${mysql.escape(req.user.email)}`, function (err, rows) {
|
||||
if (err)
|
||||
return res.status(status.INTERNAL_SERVER_ERROR).send("the username seems invalid or already taken - if you think this is an error contact the sys admin");
|
||||
return res.status(status.OK).send("username changed");
|
||||
});
|
||||
} else {
|
||||
return res.status(status.BAD_REQUEST).send("invalid data supplied");
|
||||
}
|
||||
});
|
||||
|
||||
app.listen(3001);
|
||||
|
||||
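Review bot: In the new `/API/user/setpassword` handler the `catch` branch answers with the raw exception via `.send(e)`, which can hand database or library error details to the client; log `e` on the server and return a fixed string instead, e.g. `return res.status(status.INTERNAL_SERVER_ERROR).send("could not verify password");`. The `bcrypt.hashSync(newpassword, saltRounds)` call sits outside that `try`, so a truthy non-string `newpassword` in the JSON body would presumably throw inside the `async` function and leave the request unanswered unless the app handles rejections elsewhere; a `typeof newpassword !== "string"` check that returns `status.BAD_REQUEST` before hashing would cover it. The query callback's messages are copied from setname (`"username changed"`, `"the username seems invalid or already taken …"`) and should describe the password change. Nothing in this handler invalidates the account's other sessions after the update, which is worth deciding explicitly for a password change. If `}); !!` after the logout handler is the new side of the first hunk, the stray `!!` should be dropped.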