tracker/api-js/src/user/mutations/update-user-password.js at master · LearningAzure2020/tracker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
import { GraphQLString, GraphQLNonNull } from 'graphql'
import { mutationWithClientMutationId } from 'graphql-relay'
import { t } from '@lingui/macro'

import { updateUserPasswordUnion } from '../unions'

export const updateUserPassword = new mutationWithClientMutationId({
  name: 'UpdateUserPassword',
  description:
    'This mutation allows the user to update their account password.',
  inputFields: () => ({
    currentPassword: {
      type: GraphQLNonNull(GraphQLString),
      description:
        'The users current password to verify it is the current user.',
    },
    updatedPassword: {
      type: GraphQLNonNull(GraphQLString),
      description: 'The new password the user wishes to change to.',
    },
    updatedPasswordConfirm: {
      type: GraphQLNonNull(GraphQLString),
      description: 'A password confirmation of their new password.',
    },
  }),
  outputFields: () => ({
    result: {
      type: updateUserPasswordUnion,
      description:
        '`UpdateUserPasswordUnion` returning either a `UpdateUserPasswordResultType`, or `UpdateUserPasswordError` object.',
      resolve: (payload) => payload,
    },
  }),
  mutateAndGetPayload: async (
    args,
    {
      i18n,
      query,
      collections,
      transaction,
      auth: { bcrypt, userRequired },
      validators: { cleanseInput },
    },
  ) => {
    // Cleanse Input
    const currentPassword = cleanseInput(args.currentPassword)
    const updatedPassword = cleanseInput(args.updatedPassword)
    const updatedPasswordConfirm = cleanseInput(args.updatedPasswordConfirm)

    // Get user from db
    const user = await userRequired()

    // Check to see if current passwords match
    if (!bcrypt.compareSync(currentPassword, user.password)) {
      console.warn(
        `User: ${user._key} attempted to update their password, however they did not enter the current password correctly.`,
      )
      return {
        _type: 'error',
        code: 400,
        description: i18n._(
          t`Unable to update password, current password does not match. Please try again.`,
        ),
      }
    }

    // Check to see if new passwords match
    if (updatedPassword !== updatedPasswordConfirm) {
      console.warn(
        `User: ${user._key} attempted to update their password, however the new passwords do not match.`,
      )
      return {
        _type: 'error',
        code: 400,
        description: i18n._(
          t`Unable to update password, new passwords do not match. Please try again.`,
        ),
      }
    }

    // Check to see if they meet GoC requirements
    if (updatedPassword.length < 12) {
      console.warn(
        `User: ${user._key} attempted to update their password, however the new password does not meet GoC requirements.`,
      )
      return {
        _type: 'error',
        code: 400,
        description: i18n._(
          t`Unable to update password, passwords do not match requirements. Please try again.`,
        ),
      }
    }

    // Update password in DB
    const hashedPassword = bcrypt.hashSync(updatedPassword, 10)

    // Generate list of collections names
    const collectionStrings = []
    for (const property in collections) {
      collectionStrings.push(property.toString())
    }

    // Setup Transaction
    const trx = await transaction(collectionStrings)

    try {
      await trx.step(
        () => query`
          WITH users
          FOR user IN users
            UPDATE ${user._key} WITH { password: ${hashedPassword} } IN users
        `,
      )
    } catch (err) {
      console.error(
        `Trx step error occurred when user: ${user._key} attempted to update their password: ${err}`,
      )
      throw new Error(i18n._(t`Unable to update password. Please try again.`))
    }

    try {
      await trx.commit()
    } catch (err) {
      console.error(
        `Trx commit error occurred when user: ${user._key} attempted to update their password: ${err}`,
      )
      throw new Error(i18n._(t`Unable to update password. Please try again.`))
    }

    console.info(`User: ${user._key} successfully updated their password.`)
    return {
      _type: 'regular',
      status: i18n._(t`Password was successfully updated.`),
    }
  },
})