modules/worker/back/methods/worker/setPassword.js

@@ -33,11 +33,11 @@ module.exports = Self => {
         }
 
         try {
-            const ishimself = userId === workerId;
+            const isHimself = userId === workerId;
             const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions);
             const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions);
 
-            if (ishimself || (isSubordinate && !emailVerified)) {
+            if (isHimself || (isSubordinate && !emailVerified)) {
                 await models.VnUser.setPassword(workerId, newPass, myOptions);
                 await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions);
             } else

modules/worker/back/methods/worker/specs/setPassword.spec.js

@@ -1,31 +1,30 @@
-const UserError = require('vn-loopback/util/user-error');
-
-const models = require('vn-loopback/server/server').models;
+const {models} = require('vn-loopback/server/server');
 
 describe('worker setPassword()', () => {
     let ctx;
+    const newPass = 'H3rn4d3z#';
+    const employeeId = 1;
+    const managerId = 20;
+    const administrativeId = 5;
+
     beforeAll(() => {
         ctx = {
             req: {
-                accessToken: {},
+                accessToken: {userId: managerId},
                 headers: {origin: 'http://localhost'}
             },
-            args: {workerFk: 9}
         };
     });
 
-    beforeEach(() => {
-        ctx.req.accessToken.userId = 20;
-        ctx.args.newPass = 'H3rn4d3z#';
-    });
-
-    it('should change the password', async() => {
+    it('should change the password if it is a subordinate and the email is not verified', async() => {
         const tx = await models.Worker.beginTransaction({});
 
         try {
             const options = {transaction: tx};
-            await models.Worker.setPassword(ctx, options);
+            await models.Worker.setPassword(ctx, employeeId, newPass, options);
+            const isNewPass = await passHasBeenChanged(employeeId, newPass, options);
 
+            expect(isNewPass).toBeTrue();
             await tx.rollback();
         } catch (e) {
             await tx.rollback();
@@ -33,29 +32,64 @@ describe('worker setPassword()', () => {
         }
     });
 
-    it('should throw an error: Password does not meet requirements', async() => {
-        const tx = await models.Collection.beginTransaction({});
-        ctx.args.newPass = 'Hi';
+    it('should not change the password if it is a subordinate and the email is verified', async() => {
+        const tx = await models.Worker.beginTransaction({});
+
         try {
             const options = {transaction: tx};
-            await models.Worker.setPassword(ctx, options);
+            await models.VnUser.updateAll({id: employeeId}, {emailVerified: true}, options);
+            await models.Worker.setPassword(ctx, employeeId, newPass, options);
+
+            await tx.rollback();
+        } catch (e) {
+            expect(e.message).toEqual(`You don't have enough privileges.`);
+            await tx.rollback();
+        }
+    });
+
+    it('should change the password if it is himself', async() => {
+        const tx = await models.Worker.beginTransaction({});
+
+        try {
+            const options = {transaction: tx};
+            await models.VnUser.updateAll({id: managerId}, {emailVerified: true}, options);
+            await models.Worker.setPassword(ctx, managerId, newPass, options);
+            const isNewPass = await passHasBeenChanged(managerId, newPass, options);
+
+            expect(isNewPass).toBeTrue();
+            await tx.rollback();
+        } catch (e) {
+            await tx.rollback();
+        }
+    });
+
+    it('should not change the password if it is not a subordinate', async() => {
+        const tx = await models.Worker.beginTransaction({});
+        try {
+            const options = {transaction: tx};
+            await models.Worker.setPassword(ctx, administrativeId, newPass, options);
+            await tx.rollback();
+        } catch (e) {
+            expect(e.message).toEqual(`You don't have enough privileges.`);
+            await tx.rollback();
+        }
+    });
+
+    it('should throw an error: Password does not meet requirements', async() => {
+        const tx = await models.Worker.beginTransaction({});
+        const newPass = 'Hi';
+        try {
+            const options = {transaction: tx};
+            await models.Worker.setPassword(ctx, employeeId, newPass, options);
             await tx.rollback();
         } catch (e) {
             expect(e.sqlMessage).toEqual('Password does not meet requirements');
             await tx.rollback();
         }
     });
-
-    it('should throw an error: You don\'t have enough privileges.', async() => {
-        ctx.req.accessToken.userId = 5;
-        const tx = await models.Collection.beginTransaction({});
-        try {
-            const options = {transaction: tx};
-            await models.Worker.setPassword(ctx, options);
-            await tx.rollback();
-        } catch (e) {
-            expect(e).toEqual(new UserError(`You don't have enough privileges.`));
-            await tx.rollback();
-        }
-    });
 });
+
+const passHasBeenChanged = async(userId, pass, options) => {
+    const user = await models.VnUser.findById(userId, null, options);
+    return user.hasPassword(pass);
+};

modules/worker/front/descriptor/index.spec.js

@@ -16,6 +16,7 @@ describe('vnWorkerDescriptor', () => {
             const id = 1;
             const response = 'foo';
 
+            $httpBackend.whenGET('UserConfigs/getUserConfig').respond({});
             $httpBackend.expectRoute('GET', `Workers/${id}`).respond(response);
             controller.id = id;
             $httpBackend.flush();