From 5684e19582f6dbd4ea9f4a27e31f3fdabf0bab60 Mon Sep 17 00:00:00 2001
From: Guillaume Dorce
Date: Fri, 28 Oct 2022 17:38:47 +0200
Subject: [PATCH] check password to change infos

---
 client/src/components/User.tsx | 1 +
 client/src/controllers/UserController.ts | 8 +++-
 src/api/users/index.ts | 23 ++++++++++
 src/controller/UserController.ts | 54 ++++++++++++++++++++++++
 4 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/client/src/components/User.tsx b/client/src/components/User.tsx
index df43aaa..bb27ea7 100644
--- a/client/src/components/User.tsx
+++ b/client/src/components/User.tsx
@@ -65,6 +65,7 @@ const User = ({ author }: any) => {
 }
 toastSuccess('Infos personelles changées');
 queryClient.invalidateQueries(['messages']);
+ setShow(false);
 }).catch((error) => {
 toastError(error.error);
 });
diff --git a/client/src/controllers/UserController.ts b/client/src/controllers/UserController.ts
index 4a7f732..eacafa5 100644
--- a/client/src/controllers/UserController.ts
+++ b/client/src/controllers/UserController.ts
@@ -122,8 +122,14 @@ export const changeUserInfo = async (userId: string, formData: FormData) => {
 mode: 'cors',
 headers: {
 Authorization: `Bearer ${token}`,
+ 'Content-Type': 'application/json',
 },
- body: formData,
+ body: JSON.stringify({ firstName, lastName, password, newPassword, }),
 });
 if (!response.ok) {
 return {error: response.statusText};
diff --git a/src/api/users/index.ts b/src/api/users/index.ts
index 8c3ebe7..301f9c0 100644
--- a/src/api/users/index.ts
+++ b/src/api/users/index.ts
@@ -1,6 +1,7 @@
 import Roles from "./roles";
 import { NextFunction, Request, Response, Router } from 'express';
 import { verifyToken } from "@/controller/AuthController";
+import { changeUserInfo } from "@/controller/UserController";
 const users = Router();
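Review bot: The new `body: JSON.stringify({ firstName, lastName, password, newPassword })` never sends `confirmPassword`, yet the server-side `changeUserInfo` added in this same patch declares `confirmPassword: string` and rejects any password change where `newPassword !== confirmPassword`, so from this client every password change will come back as a 400. Either include it, `body: JSON.stringify({ firstName, lastName, password, newPassword, confirmPassword })`, or move the confirmation check into the form and drop it from the server contract. `firstName`, `lastName`, `password` and `newPassword` are free identifiers here while the signature still takes `formData: FormData`, so they are presumably pulled out of the form above the hunk — worth confirming, and the now-unused `formData` parameter could then be removed. The function body continues outside the hunk.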
@@ -28,4 +29,26 @@ users.use(checkAuth);
 users.post('/:id/roles', Roles);
+users.put('/:id', (req: Request, res: Response) => {
+ const userId = parseInt(req.params.id);
+ const token = getToken(req);
+ if (token === undefined) {
+ return res.status(401).send({ error: 'No token provided' });
+ }
+ if (req.userId !== userId) {
+ return res.status(401).send({ error: 'Unauthorized' });
+ }
+ return changeUserInfo(userId, req.body)
+ .then((data) => {
+ if (data instanceof Error) {
+ return res.status(400).send({ error: data.message });
+ }
+ return res.status(200).send(data);
+ })
+ .catch((error) => {
+ return res.status(400).send({ error: error.message });
+ });
+});
+
+
 export default users;
\ No newline at end of file
diff --git a/src/controller/UserController.ts b/src/controller/UserController.ts
index 0c9f795..d7c766e 100644
--- a/src/controller/UserController.ts
+++ b/src/controller/UserController.ts
@@ -1,6 +1,7 @@
 import { PrismaClient, Role } from '@prisma/client';
 import { User } from '@/models/UserModel';
 import { exclude } from '@/lib/utils';
+import { comparePassword } from './AuthController';
 const prisma = new PrismaClient();
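Review bot: `getToken` on the new `const token = getToken(req);` line is not among this file's imports (the first hunk shows only `Roles`, the express names, `verifyToken` and the added `changeUserInfo`), so unless it is defined in the unshown lines 8–27 this does not compile; the check is also redundant, since the `users.use(checkAuth)` visible as hunk context apparently runs before this route and is what populates `req.userId`. The handler then passes `req.body` straight into `changeUserInfo` with no check that the fields are strings, and in the promise `.catch` it sends `error.message` to the client, which for a Prisma failure leaks internal detail. I would replace the token block with a shape check such as `const { firstName, lastName, password } = req.body ?? {}; if ([firstName, lastName, password].some((v) => typeof v !== 'string')) return res.status(400).send({ error: 'Invalid body' });` and have the catch log the error server-side while returning a generic message. A mismatched `req.userId` is an authorization failure on an already-authenticated request, so 403 reads better than 401 there.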
@@ -96,4 +97,57 @@ export const changeUserRoles = async (id: number, role: Role) => {
 return exclude(updatedUser, 'password');
 };
+export const changeUserInfo = async (
+ id: number,
+ userInfo: { firstName: string; lastName: string; password: string; newPassword?: string; confirmPassword: string }
+) => {
+ const currentUser = await prisma.user.findUnique({
+ where: {
+ id,
+ },
+ });
+
+ if (!currentUser) {
+ return new Error('User not found');
+ }
+
+ const isPasswordCorrect = await comparePassword(userInfo.password, currentUser.password);
+ if (!isPasswordCorrect) {
+ return new Error('Password is incorrect');
+ }
+
+ if (userInfo.newPassword) {
+ if (userInfo.newPassword !== userInfo.confirmPassword) {
+ return new Error('New password and confirm password do not match');
+ }
+
+ const isPasswordSame = await comparePassword(userInfo.password, currentUser.password);
+ if (isPasswordSame) {
+ return new Error('Password are the same');
+ }
+
+ if (userInfo.newPassword !== userInfo.confirmPassword) {
+ return new Error('New password and confirm password are not the same');
+ }
+ }
+
+ const data = {
+ firstName: userInfo.firstName,
+ lastName: userInfo.lastName,
+ };
+ if (userInfo.newPassword) Object.setPrototypeOf(data, { password: userInfo.newPassword });
+
+ const updatedUser = await prisma.user.update({
+ where: {
+ id,
+ },
+ data,
+ });
+
+ if (!updatedUser) {
+ return new Error('User not found');
+ }
+ return exclude(updatedUser, 'password');
+};
+
 export { getUser, newUser, isUserExist, getUserById };
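Review bot: A password change can never succeed here, and if it did it would be stored in clear: the `isPasswordSame` line re-runs `comparePassword(userInfo.password, currentUser.password)`, which was already verified true a few lines up, so every request carrying `newPassword` returns 'Password are the same'; and `Object.setPrototypeOf(data, { password: userInfo.newPassword })` puts the password on the prototype rather than as an own property of `data`, which Prisma's `update` is very unlikely to serialise. Even as an own property the value would be the raw `newPassword`, while the stored value is clearly a hash (it is checked through `comparePassword`), so the new password must go through the same hashing helper the registration path uses — that helper is not visible in this patch. The `newPassword !== confirmPassword` comparison is also duplicated; the rewritten middle of the function is below, with the `update`/`exclude` tail unchanged.
```typescript
  if (userInfo.newPassword) {
    if (userInfo.newPassword !== userInfo.confirmPassword) {
      return new Error('New password and confirm password do not match');
    }
    // Compare the *new* password against the stored hash; the current one was verified above.
    if (await comparePassword(userInfo.newPassword, currentUser.password)) {
      return new Error('Password are the same');
    }
  }

  // Own property, not a prototype slot, so Prisma actually writes it.
  const data: { firstName: string; lastName: string; password?: string } = {
    firstName: userInfo.firstName,
    lastName: userInfo.lastName,
  };
  if (userInfo.newPassword) {
    // TODO(review): run this through the same hash helper used when the user is created;
    // storing the raw string here would break comparePassword on the next login.
    data.password = userInfo.newPassword;
  }
  // … unchanged: prisma.user.update, not-found check, exclude(updatedUser, 'password') …
```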