Finish route and put in tests

Author: YiFeiZhang2

constants/role.constant.js

@@ -11,6 +11,7 @@ const accountRole = {
     "routes": [
         Constants.Routes.authRoutes.login,
         Constants.Routes.authRoutes.logout,
+        Constants.Routes.authRoutes.changePassword,
         Constants.Routes.authRoutes.getSelfRoleBindindings,
         Constants.Routes.accountRoutes.getSelf,
         Constants.Routes.accountRoutes.getSelfById,

constants/routes.constant.js

@@ -21,7 +21,11 @@ const authRoutes = {
     "getAnyRoleBindings": {
         requestType: Constants.REQUEST_TYPES.GET,
         uri: "/api/auth/rolebindings/" + Constants.ROLE_CATEGORIES.ALL
-    }
+    },
+    "changePassword": {
+        requestType: Constants.REQUEST_TYPES.PATCH,
+        uri: "/api/auth/password/change"
+    },
 };
 
 const accountRoutes = {

middlewares/auth.middleware.js

@@ -126,13 +126,14 @@ async function retrieveRoleBindings(req, res, next) {
 }
 
 /**
- * 
- * @param {*} req 
+ * Checks that the oldPassword is the current password for the logged in user. If the password is correct,
+ * then updates the password to the string in newPassword.
+ * @param {{user: {email: string}, body: {oldPassword: string, newPassword: string}} req 
  * @param {*} res 
  * @param {*} next 
  */
 async function changePassword(req, res, next) {
-    acc = await Services.Account.getAccountIfValid(req.user.email, req.body.oldPassword);
+    const acc = await Services.Account.getAccountIfValid(req.user.email, req.body.oldPassword);
     // user's old password is correct
     if (!!acc) {
         req.body.account = await Services.Account.updatePassword(req.user.id, req.body.newPassword);

routes/api/auth.js

@@ -97,7 +97,31 @@ module.exports = {
             Controllers.Auth.sentResetEmail
         );
 
-        authRouter.coute("/password/change").post(
+        /**
+         * @api {post} /auth/password/change change password for logged in user
+         * @apiName changePassword
+         * @apiGroup Authentication
+         * @apiVersion 0.0.8
+         * 
+         * @apiParam {String} oldPassword The current password of the user
+         * @apiParam {String} newPassword The new password of the user
+         * 
+         * @apiParamExample {json} Request-Example:
+         *      { 
+         *          "oldPassword": "password12345",
+         *          "newPassword": "password123456"
+         *      }
+         * 
+         * @apiSuccess {string} message Success message
+         * @apiSuccess {object} data empty
+         * @apiSuccessExample {json} Success-Response: 
+         *      {"message": "Successfully reset password", "data": {}}
+         * 
+         * @apiPermission: Must be logged in
+         */
+        authRouter.route("/password/change").patch(
+            Middleware.Auth.ensureAuthenticated(),
+            Middleware.Auth.ensureAuthorized(),
             Middleware.Validator.Auth.ChangePasswordValidator,
             Middleware.parseBody.middleware,
 

tests/account.test.js

@@ -359,6 +359,71 @@ describe("POST reset password", function () {
     });
 });
 
+describe("PATCH change password for logged in user", function () {
+    const successChangePassword = {
+        "oldPassword": Admin1.password,
+        "newPassword": "password12345"
+    };
+    const failChangePassword = {
+        "oldPassword": "WrongPassword",
+        "newPassword": "password12345"
+    };
+    // fail on authentication
+    it("should fail to change the user's password because they are not logged in", function (done) {
+        chai.request(server.app)
+            .patch("/api/auth/password/change")
+            .type("application/json")
+            .send(failChangePassword)
+            .end(function (err, res) {
+                res.should.have.status(401);
+                res.should.be.json;
+                res.body.should.have.property("message");
+                res.body.message.should.equal(Constants.Error.AUTH_401_MESSAGE);
+                done();
+            });
+    });
+    // success case
+    it("should change the logged in user's password to a new password", function (done) {
+        util.auth.login(agent, Admin1, (error) => {
+            if (error) {
+                agent.close();
+                return done(error);
+            }
+            agent
+                .patch("/api/auth/password/change")
+                .type("application/json")
+                .send(successChangePassword)
+                .end(function (err, res) {
+                    res.should.have.status(200);
+                    res.should.be.json;
+                    res.body.should.have.property("message");
+                    res.body.message.should.equal("Successfully reset password");
+                    done();
+                });
+        });
+    });
+    // fail case because old password in incorrect
+    it("should fail to change the logged in user's password to a new password because old password is incorrect", function (done) {
+        util.auth.login(agent, Admin1, (error) => {
+            if (error) {
+                agent.close();
+                return done(error);
+            }
+            agent
+                .patch("/api/auth/password/change")
+                .type("application/json")
+                .send(failChangePassword)
+                .end(function (err, res) {
+                    res.should.have.status(401);
+                    res.should.be.json;
+                    res.body.should.have.property("message");
+                    res.body.message.should.equal(Constants.Error.AUTH_401_MESSAGE);
+                    done();
+                });
+        });
+    });
+});
+
 describe("GET retrieve permissions", function () {
     it("should SUCCEED and retrieve the rolebindings for the user", function (done) {
         util.auth.login(agent, storedAccount1, (error) => {

tests/auth.test.js

@@ -56,5 +56,5 @@ describe("GET roles", function () {
                     done();
                 });
         });
-    })
-});
+    });
+});