diff options
Diffstat (limited to 'src/api')
| -rw-r--r-- | src/api/endpoints.ts | 4 | ||||
| -rw-r--r-- | src/api/endpoints/i/change_password.ts | 42 |
2 files changed, 46 insertions, 0 deletions
diff --git a/src/api/endpoints.ts b/src/api/endpoints.ts index a658c9a42e..c6661533e8 100644 --- a/src/api/endpoints.ts +++ b/src/api/endpoints.ts @@ -160,6 +160,10 @@ const endpoints: Endpoint[] = [ kind: 'account-write' }, { + name: 'i/change_password', + withCredential: true + }, + { name: 'i/regenerate_token', withCredential: true }, diff --git a/src/api/endpoints/i/change_password.ts b/src/api/endpoints/i/change_password.ts new file mode 100644 index 0000000000..faceded29d --- /dev/null +++ b/src/api/endpoints/i/change_password.ts @@ -0,0 +1,42 @@ +/** + * Module dependencies + */ +import $ from 'cafy'; +import * as bcrypt from 'bcryptjs'; +import User from '../../models/user'; + +/** + * Change password + * + * @param {any} params + * @param {any} user + * @return {Promise<any>} + */ +module.exports = async (params, user) => new Promise(async (res, rej) => { + // Get 'current_password' parameter + const [currentPassword, currentPasswordErr] = $(params.current_password).string().$; + if (currentPasswordErr) return rej('invalid current_password param'); + + // Get 'new_password' parameter + const [newPassword, newPasswordErr] = $(params.new_password).string().$; + if (newPasswordErr) return rej('invalid new_password param'); + + // Compare password + const same = bcrypt.compareSync(currentPassword, user.password); + + if (!same) { + return rej('incorrect password'); + } + + // Generate hash of password + const salt = bcrypt.genSaltSync(8); + const hash = bcrypt.hashSync(newPassword, salt); + + await User.update(user._id, { + $set: { + password: hash + } + }); + + res(); +}); |