WIP change password route

Author: YiFeiZhang2

middlewares/auth.middleware.js

@@ -125,6 +125,26 @@ async function retrieveRoleBindings(req, res, next) {
     return next();
 }
 
+/**
+ * 
+ * @param {*} req 
+ * @param {*} res 
+ * @param {*} next 
+ */
+async function changePassword(req, res, next) {
+    acc = await Services.Account.getAccountIfValid(req.user.email, req.body.oldPassword);
+    // user's old password is correct
+    if (!!acc) {
+        req.body.account = await Services.Account.updatePassword(req.user.id, req.body.newPassword);
+        return next();
+    } else {
+        return next({
+            status: 401,
+            message: Constants.Error.AUTH_401_MESSAGE,
+        });
+    }
+}
+
 /**
  * Middleware that sends an email to reset the password for the inputted email address.
  * @param {{body: {email:String}}} req the request object
@@ -428,5 +448,6 @@ module.exports = {
     addCreationRoleBindings: Middleware.Util.asyncMiddleware(addCreationRoleBindings),
     resendConfirmAccountEmail: Middleware.Util.asyncMiddleware(resendConfirmAccountEmail),
     retrieveRoleBindings: Middleware.Util.asyncMiddleware(retrieveRoleBindings),
-    retrieveRoles: Middleware.Util.asyncMiddleware(retrieveRoles)
+    retrieveRoles: Middleware.Util.asyncMiddleware(retrieveRoles),
+    changePassword: Middleware.Util.asyncMiddleware(changePassword),
 };

middlewares/validators/auth.validator.js

@@ -5,12 +5,16 @@ module.exports = {
     ForgotPasswordValidator: [
         VALIDATOR.emailValidator("body", "email", false)
     ],
+    ChangePasswordValidator: [
+        VALIDATOR.passwordValidator("body", "oldPassword", false),
+        VALIDATOR.passwordValidator("body", "newPassword", false)
+    ],
     ResetPasswordValidator: [
-        VALIDATOR.passwordValidator("body","password", false),
+        VALIDATOR.passwordValidator("body", "password", false),
         //The json web token is provided via the header with param "Authentication".
-        VALIDATOR.jwtValidator("header","X-Reset-Token", process.env.JWT_RESET_PWD_SECRET, false)
+        VALIDATOR.jwtValidator("header", "X-Reset-Token", process.env.JWT_RESET_PWD_SECRET, false)
     ],
     accountConfirmationValidator: [
-        VALIDATOR.jwtValidator("param","token", process.env.JWT_CONFIRM_ACC_SECRET, false)
+        VALIDATOR.jwtValidator("param", "token", process.env.JWT_CONFIRM_ACC_SECRET, false)
     ]
-};
+};

routes/api/auth.js

@@ -97,6 +97,14 @@ module.exports = {
             Controllers.Auth.sentResetEmail
         );
 
+        authRouter.coute("/password/change").post(
+            Middleware.Validator.Auth.ChangePasswordValidator,
+            Middleware.parseBody.middleware,
+
+            Middleware.Auth.changePassword,
+            Controllers.Auth.resetPassword,
+        );
+
         //untested
         /**
          * @api {post} /auth/password/reset reset password