#364

2 files changed, 46 insertions, 0 deletions

diff --git a/src/api/endpoints.ts b/src/api/endpoints.ts
index a658c9a42e..c6661533e8 100644
--- a/src/api/endpoints.ts
+++ b/src/api/endpoints.ts
@@ -160,6 +160,10 @@ const endpoints: Endpoint[] = [
 		kind: 'account-write'
 	},
 	{
+		name: 'i/change_password',
+		withCredential: true
+	},
+	{
 		name: 'i/regenerate_token',
 		withCredential: true
 	},
diff --git a/src/api/endpoints/i/change_password.ts b/src/api/endpoints/i/change_password.ts
new file mode 100644
index 0000000000..faceded29d
--- /dev/null
+++ b/src/api/endpoints/i/change_password.ts
@@ -0,0 +1,42 @@
+/**
+ * Module dependencies
+ */
+import $ from 'cafy';
+import * as bcrypt from 'bcryptjs';
+import User from '../../models/user';
+
+/**
+ * Change password
+ *
+ * @param {any} params
+ * @param {any} user
+ * @return {Promise<any>}
+ */
+module.exports = async (params, user) => new Promise(async (res, rej) => {
+	// Get 'current_password' parameter
+	const [currentPassword, currentPasswordErr] = $(params.current_password).string().$;
+	if (currentPasswordErr) return rej('invalid current_password param');
+
+	// Get 'new_password' parameter
+	const [newPassword, newPasswordErr] = $(params.new_password).string().$;
+	if (newPasswordErr) return rej('invalid new_password param');
+
+	// Compare password
+	const same = bcrypt.compareSync(currentPassword, user.password);
+
+	if (!same) {
+		return rej('incorrect password');
+	}
+
+	// Generate hash of password
+	const salt = bcrypt.genSaltSync(8);
+	const hash = bcrypt.hashSync(newPassword, salt);
+
+	await User.update(user._id, {
+		$set: {
+			password: hash
+		}
+	});
+
+	res();
+});