diff --git a/.github/workflows/docker-e2e.yml b/.github/workflows/docker-e2e.yml
index 0992834b9..82bdd3214 100644
--- a/.github/workflows/docker-e2e.yml
+++ b/.github/workflows/docker-e2e.yml
@@ -2,7 +2,7 @@ name: NestJS API CI
 on:
 push:
- branches: []
+ branches: [master]
 pull_request:
 branches: [master]
@@ -12,8 +12,5 @@ jobs:
 steps:
 - uses: actions/checkout@v2
- - run: docker-compose -f docker-compose.ci.yaml --env-file env-example -p ci pull
- - uses: satackey/action-docker-layer-caching@v0.0.11
- continue-on-error: true
 - name: Run e2e tests
 run: docker-compose -f docker-compose.ci.yaml --env-file env-example -p ci up --build --exit-code-from api
diff --git a/src/auth/auth.service.ts b/src/auth/auth.service.ts
index fef5e6cad..41b1c9456 100644
--- a/src/auth/auth.service.ts
+++ b/src/auth/auth.service.ts
@@ -327,6 +327,39 @@ export class AuthService {
 }
 async update(user: User, userDto: AuthUpdateDto): Promise {
+ if (userDto.password) {
+ if (userDto.oldPassword) {
+ const currentUser = await this.usersRepository.findOne(user.id);
+
+ const isValidOldPassword = await bcrypt.compare(
+ userDto.oldPassword,
+ currentUser.password,
+ );
+
+ if (!isValidOldPassword) {
+ throw new HttpException(
+ {
+ status: HttpStatus.UNPROCESSABLE_ENTITY,
+ errors: {
+ oldPassword: 'incorrectOldPassword',
+ },
+ },
+ HttpStatus.UNPROCESSABLE_ENTITY,
+ );
+ }
+ } else {
+ throw new HttpException(
+ {
+ status: HttpStatus.UNPROCESSABLE_ENTITY,
+ errors: {
+ oldPassword: 'missingOldPassword',
+ },
+ },
+ HttpStatus.UNPROCESSABLE_ENTITY,
+ );
+ }
+ }
+
 await this.usersRepository.save(
 this.usersRepository.create({
 id: user.id,
diff --git a/src/auth/dtos/auth-update.dto.ts b/src/auth/dtos/auth-update.dto.ts
index 4c0f377a8..04883cfe7 100644
--- a/src/auth/dtos/auth-update.dto.ts
+++ b/src/auth/dtos/auth-update.dto.ts
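Review bot: In the new `if (userDto.oldPassword)` branch of `update`, `currentUser` is dereferenced without a guard. If `findOne(user.id)` returns nothing, or the stored `password` is empty (possibly for accounts created without a local password, which is not visible here), `bcrypt.compare` would fail with an unhandled error rather than the 422 the other branches return. Reject that case before comparing, e.g. `if (!currentUser?.password) { /* throw the same 422 as incorrectOldPassword */ }`, and add a comment above the block such as `// Changing the password requires re-authentication with the current password.` The body of `update` continues past the hunk, so it cannot be checked from here whether `oldPassword` is stripped before `usersRepository.create(...)` or whether existing tokens are revoked after a password change.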
@@ -11,15 +11,19 @@ export class AuthUpdateDto {
 photo?: FileEntity;
 @ApiProperty({ example: 'John' })
- @IsNotEmpty()
+ @IsNotEmpty({ message: 'mustBeNotEmpty' })
 firstName?: string;
 @ApiProperty({ example: 'Doe' })
- @IsNotEmpty()
+ @IsNotEmpty({ message: 'mustBeNotEmpty' })
 lastName?: string;
 @ApiProperty()
 @IsNotEmpty()
 @MinLength(6)
 password?: string;
+
+ @ApiProperty()
+ @IsNotEmpty({ message: 'mustBeNotEmpty' })
+ oldPassword: string;
 }
diff --git a/test/user/auth.e2e-spec.ts b/test/user/auth.e2e-spec.ts
index 043a6c83b..4da0d80d1 100644
--- a/test/user/auth.e2e-spec.ts
+++ b/test/user/auth.e2e-spec.ts
@@ -109,6 +109,17 @@ describe('Auth user (e2e)', () => {
 .send({ email: newUserEmail, password: newUserPassword })
 .then(({ body }) => body.token);
+ await request(app)
+ .patch('/api/v1/auth/me')
+ .auth(newUserApiToken, {
+ type: 'bearer',
+ })
+ .send({
+ firstName: newUserNewName,
+ password: newUserNewPassword,
+ })
+ .expect(422);
+
 await request(app)
 .patch('/api/v1/auth/me')
 .auth(newUserApiToken, {
@@ -118,7 +129,8 @@ describe('Auth user (e2e)', () => {
 firstName: newUserNewName,
 password: newUserNewPassword,
 oldPassword: newUserPassword,
- });
+ })
+ .expect(200);
 await request(app)
 .post('/api/v1/auth/login/email')
@@ -133,7 +145,8 @@ describe('Auth user (e2e)', () => {
 .auth(newUserApiToken, {
 type: 'bearer',
 })
- .send({ password: newUserPassword, oldPassword: newUserNewPassword });
+ .send({ password: newUserPassword, oldPassword: newUserNewPassword })
+ .expect(200);
 });
 it('New user delete profile: /api/v1/auth/me (DELETE)', async () => {
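Review bot: The new `oldPassword: string` property is declared as required and carries only `@IsNotEmpty`, while `AuthService.update` treats it as optional and needs it only when `password` is present. Depending on the validation-pipe options (not shown), a name-only update may be rejected for a missing `oldPassword`, or the service's `missingOldPassword` branch may never be reached. `@IsNotEmpty` also accepts non-string JSON values, which would then reach `bcrypt.compare`. Consider declaring it as `oldPassword?: string` with `@ValidateIf((dto) => dto.password !== undefined)` and `@IsString()`, both from class-validator. The class header and its imports are outside the hunk.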
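Review bot: The added negative case in the first hunk of this file covers only a missing `oldPassword`; the `incorrectOldPassword` branch of `AuthService.update` has no test. That branch is the one that stops a holder of a valid token from replacing the password without knowing the current one. The bare `.expect(422)` also cannot tell a DTO-validation rejection from the service check, so asserting on `body.errors.oldPassword` would pin which path answered. The enclosing `it(...)` block starts outside the hunk, and the sketch below assumes Jest's `expect` is available in this spec.

```typescript
// … unchanged: PATCH without oldPassword, expecting 422 …

await request(app)
  .patch('/api/v1/auth/me')
  .auth(newUserApiToken, {
    type: 'bearer',
  })
  .send({
    password: newUserNewPassword,
    oldPassword: 'constructed-wrong-password', // constructed sample value
  })
  .expect(422)
  .expect(({ body }) => {
    expect(body.errors.oldPassword).toBe('incorrectOldPassword');
  });
```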