fix(user): added checking old password

brocoders · Mar 2, 2021 · e09d28d · e09d28d
1 parent 8e2334a
commit e09d28d
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 8 deletions.
diff --git a/.github/workflows/docker-e2e.yml b/.github/workflows/docker-e2e.yml
@@ -2,7 +2,7 @@ name: NestJS API CI
 
 on:
   push:
-    branches: []
+    branches: [master]
   pull_request:
     branches: [master]
 
@@ -12,8 +12,5 @@ jobs:
 
     steps:
       - uses: actions/checkout@v2
-      - run: docker-compose -f docker-compose.ci.yaml --env-file env-example -p ci pull
-      - uses: satackey/action-docker-layer-caching@v0.0.11
-        continue-on-error: true
       - name: Run e2e tests
         run: docker-compose -f docker-compose.ci.yaml --env-file env-example -p ci up --build --exit-code-from api
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
@@ -327,6 +327,39 @@ export class AuthService {
   }
 
   async update(user: User, userDto: AuthUpdateDto): Promise<User> {
+    if (userDto.password) {
+      if (userDto.oldPassword) {
+        const currentUser = await this.usersRepository.findOne(user.id);
+
+        const isValidOldPassword = await bcrypt.compare(
+          userDto.oldPassword,
+          currentUser.password,
+        );
+
+        if (!isValidOldPassword) {
+          throw new HttpException(
+            {
+              status: HttpStatus.UNPROCESSABLE_ENTITY,
+              errors: {
+                oldPassword: 'incorrectOldPassword',
+              },
+            },
+            HttpStatus.UNPROCESSABLE_ENTITY,
+          );
+        }
+      } else {
+        throw new HttpException(
+          {
+            status: HttpStatus.UNPROCESSABLE_ENTITY,
+            errors: {
+              oldPassword: 'missingOldPassword',
+            },
+          },
+          HttpStatus.UNPROCESSABLE_ENTITY,
+        );
+      }
+    }
+
     await this.usersRepository.save(
       this.usersRepository.create({
         id: user.id,

diff --git a/src/auth/dtos/auth-update.dto.ts b/src/auth/dtos/auth-update.dto.ts
@@ -11,15 +11,19 @@ export class AuthUpdateDto {
   photo?: FileEntity;
 
   @ApiProperty({ example: 'John' })
-  @IsNotEmpty()
+  @IsNotEmpty({ message: 'mustBeNotEmpty' })
   firstName?: string;
 
   @ApiProperty({ example: 'Doe' })
-  @IsNotEmpty()
+  @IsNotEmpty({ message: 'mustBeNotEmpty' })
   lastName?: string;
 
   @ApiProperty()
   @IsNotEmpty()
   @MinLength(6)
   password?: string;
+
+  @ApiProperty()
+  @IsNotEmpty({ message: 'mustBeNotEmpty' })
+  oldPassword: string;
 }
diff --git a/test/user/auth.e2e-spec.ts b/test/user/auth.e2e-spec.ts
@@ -109,6 +109,17 @@ describe('Auth user (e2e)', () => {
       .send({ email: newUserEmail, password: newUserPassword })
       .then(({ body }) => body.token);
 
+    await request(app)
+      .patch('/api/v1/auth/me')
+      .auth(newUserApiToken, {
+        type: 'bearer',
+      })
+      .send({
+        firstName: newUserNewName,
+        password: newUserNewPassword,
+      })
+      .expect(422);
+
     await request(app)
       .patch('/api/v1/auth/me')
       .auth(newUserApiToken, {
@@ -118,7 +129,8 @@ describe('Auth user (e2e)', () => {
         firstName: newUserNewName,
         password: newUserNewPassword,
         oldPassword: newUserPassword,
-      });
+      })
+      .expect(200);
 
     await request(app)
       .post('/api/v1/auth/login/email')
@@ -133,7 +145,8 @@ describe('Auth user (e2e)', () => {
       .auth(newUserApiToken, {
         type: 'bearer',
       })
-      .send({ password: newUserPassword, oldPassword: newUserNewPassword });
+      .send({ password: newUserPassword, oldPassword: newUserNewPassword })
+      .expect(200);
   });
 
   it('New user delete profile: /api/v1/auth/me (DELETE)', async () => {