check password to change infos

client/src/components/User.tsx

@@ -65,6 +65,7 @@ const User = ({ author }: any) => {
       }
       toastSuccess('Infos personelles changées');
       queryClient.invalidateQueries(['messages']);
+      setShow(false);
     }).catch((error) => {
       toastError(error.error);
     });

client/src/controllers/UserController.ts

@@ -122,8 +122,14 @@ export const changeUserInfo = async (userId: string, formData: FormData) => {
     mode: 'cors',
     headers: {
       Authorization: `Bearer ${token}`,
+      'Content-Type': 'application/json',
     },
-    body: formData,
+    body: JSON.stringify({
+      firstName,
+      lastName,
+      password,
+      newPassword,
+    }),
   });
   if (!response.ok) {
     return {error: response.statusText};

src/api/users/index.ts

@@ -1,6 +1,7 @@
 import Roles from "./roles";
 import { NextFunction, Request, Response, Router } from 'express';
 import { verifyToken } from "@/controller/AuthController";
+import { changeUserInfo } from "@/controller/UserController";
 
 const users = Router();
 
@@ -28,4 +29,26 @@ users.use(checkAuth);
 
 users.post('/:id/roles', Roles);
 
+users.put('/:id', (req: Request, res: Response) => {
+  const userId = parseInt(req.params.id);
+  const token = getToken(req);
+  if (token === undefined) {
+    return res.status(401).send({ error: 'No token provided' });
+  }
+  if (req.userId !== userId) {
+    return res.status(401).send({ error: 'Unauthorized' });
+  }
+  return changeUserInfo(userId, req.body)
+    .then((data) => {
+      if (data instanceof Error) {
+        return res.status(400).send({ error: data.message });
+      }
+      return res.status(200).send(data);
+    })
+    .catch((error) => {
+      return res.status(400).send({ error: error.message });
+    });
+});
+
+
 export default users;

src/controller/UserController.ts

@@ -1,6 +1,7 @@
 import { PrismaClient, Role } from '@prisma/client';
 import { User } from '@/models/UserModel';
 import { exclude } from '@/lib/utils';
+import { comparePassword } from './AuthController';
 
 const prisma = new PrismaClient();
 
@@ -96,4 +97,57 @@ export const changeUserRoles = async (id: number, role: Role) => {
   return exclude(updatedUser, 'password');
 };
 
+export const changeUserInfo = async (
+  id: number,
+  userInfo: { firstName: string; lastName: string; password: string; newPassword?: string; confirmPassword: string }
+) => {
+  const currentUser = await prisma.user.findUnique({
+    where: {
+      id,
+    },
+  });
+
+  if (!currentUser) {
+    return new Error('User not found');
+  }
+
+  const isPasswordCorrect = await comparePassword(userInfo.password, currentUser.password);
+  if (!isPasswordCorrect) {
+    return new Error('Password is incorrect');
+  }
+  
+  if (userInfo.newPassword) {
+    if (userInfo.newPassword !== userInfo.confirmPassword) {
+      return new Error('New password and confirm password do not match');
+    }
+
+    const isPasswordSame = await comparePassword(userInfo.password, currentUser.password);
+    if (isPasswordSame) {
+      return new Error('Password are the same');
+    }
+
+    if (userInfo.newPassword !== userInfo.confirmPassword) {
+      return new Error('New password and confirm password are not the same');
+    }
+  }
+
+  const data = {
+    firstName: userInfo.firstName,
+    lastName: userInfo.lastName,
+  };
+  if (userInfo.newPassword) Object.setPrototypeOf(data, { password: userInfo.newPassword });
+
+  const updatedUser = await prisma.user.update({
+    where: {
+      id,
+    },
+    data,
+  });
+
+  if (!updatedUser) {
+    return new Error('User not found');
+  }
+  return exclude(updatedUser, 'password');
+};
+
 export { getUser, newUser, isUserExist, getUserById };