refs #5475 feat(account_changePassword)

2023-06-16 09:35:20 +02:00 · 2023-06-16 09:35:20 +02:00 · cf01c8d46e
parent b96f0f22b5
commit cf01c8d46e
4 changed files with 28 additions and 32 deletions
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -153,25 +153,13 @@ module.exports = function(Self) {
        }
    };

-    Self.sharedClass._methods.find(method => method.name == 'changePassword')
-        .accessScopes = ['change-password'];
-    // Self.sharedClass._methods.find(method => method.name == 'changePassword').accepts.splice(3, 0, {
-    //     arg: 'verificationCode',
-    //     type: 'string'
-    // });
-    // const _changePassword = Self.changePassword;
-    // Self.changePassword = async(userId, oldPassword, newPassword, verificationCode, options, cb) => {
-    //     if (oldPassword == newPassword)
-    //         throw new UserError(`You can't use the same password`);
+    // Self.sharedClass._methods.find(method => method.name == 'changePassword')
+    //     .accessScopes = ['change-password'];
+    Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls =
+    Self.sharedClass._methods.find(method => method.name == 'changePassword').ctor.settings.acls
+        .filter(acl => acl.property != 'changePassword');

-    //     const user = await this.findById(userId, {fields: ['name', 'twoFactor']});
-    //     if (user.twoFactor)
-    //         await Self.validateCode(user.name, verificationCode);
-
-    //     await _changePassword.call(this, userId, oldPassword, newPassword, options, cb);
-    // };
-
-    const _prototypeChangePassword = Self.prototype.ChangePassword;
+    const _changePassword = Self.prototype.ChangePassword;
    Self.prototype.changePassword = async function(oldPassword, newPassword, options, cb) {
        if (cb === undefined && typeof options === 'function') {
            cb = options;
@ -191,7 +179,7 @@ module.exports = function(Self) {
        options = myOptions;

        try {
-            await _prototypeChangePassword.call(this, oldPassword, newPassword, options);
+            await _changePassword.call(this, oldPassword, newPassword, options);
            tx && await tx.commit();
            cb && cb();
        } catch (err) {
--- a/front/salix/components/change-password/index.js
+++ b/front/salix/components/change-password/index.js
@ -15,6 +15,11 @@ export default class Controller {
    }

    $onInit() {
+        this.oldPassword = 'nightmare';
+        this.repeatPassword = 'test.1234';
+        this.newPassword = 'test.1234';
+        this.verificationCode = '1234';
+
        if (!this.$state.params || !this.$state.params.id || !this.$state.params.token)
            this.$state.go('login');

@ -47,9 +52,8 @@ export default class Controller {
            newPassword,
            verificationCode
        });
-        this.$http.post('VnUsers/change-password',
+        this.$http.patch('Accounts/change-password',
            {
-                id,
                oldPassword,
                newPassword,
                verificationCode
--- a/modules/account/back/methods/account/change-password.js
+++ b/modules/account/back/methods/account/change-password.js
@ -1,15 +1,11 @@

 module.exports = Self => {
-    Self.remoteMethod('changePassword', {
+    Self.remoteMethodCtx('changePassword', {
        description: 'Changes the user password',
        accessType: 'WRITE',
+        accessScopes: 'change-password',
        accepts: [
            {
-                arg: 'id',
-                type: 'number',
-                description: 'The user id',
-                http: {source: 'path'}
-            }, {
                arg: 'oldPassword',
                type: 'string',
                description: 'The old password',
@ -26,20 +22,21 @@ module.exports = Self => {
            }
        ],
        http: {
-            path: `/:id/changePassword`,
+            path: `/changePassword`,
            verb: 'PATCH'
        }
    });

-    Self.changePassword = async function(id, oldPassword, newPassword, verificationCode) {
+    Self.changePassword = async function(ctx, oldPassword, newPassword, verificationCode) {
+        const userId = ctx.req.accessToken.userId;
        const {vnUser} = Self.app.models;
        if (oldPassword == newPassword)
            throw new UserError(`You can't use the same password`);

-        const user = await vnUser.findById(id, {fields: ['name', 'twoFactor']});
+        const user = await vnUser.findById(userId, {fields: ['name', 'twoFactor']});
        if (user.twoFactor)
            await vnUser.validateCode(user.name, verificationCode);

-        await vnUser.changePassword(id, oldPassword, newPassword);
+        await vnUser.changePassword(userId, oldPassword, newPassword);
    };
 };
--- a/modules/account/back/models/account.json
+++ b/modules/account/back/models/account.json
@ -37,6 +37,13 @@
 			"principalType": "ROLE",
 			"principalId": "$authenticated",
 			"permission": "ALLOW"
-		}
+		},
+        {
+            "property": "changePassword",
+            "accessType": "EXECUTE",
+            "principalType": "ROLE",
+            "principalId": "$everyone",
+            "permission": "ALLOW"
+        }
 	]
 }