/api/user/set-account-password (PATCH)
await global.api.user.SetAccountPassword.patch(req) Located in Dashboard API
Returns object
Exceptions
These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:
| Exception | Circumstances |
|---|---|
| invalid querystring accountid | |
| invalid-accountid | missing querystring accountid |
| invalid-account | ineligible accessing account |
| invalid posted password | |
| invalid-password | missing posted password |
| invalid-new-password | missing posted new-password |
| posted new-password too long | |
| invalid-new-password-length | posted new-password too short |
NodeJS source (edit on github)
If you see a problem with the source submit a pull request on Github.
const dashboard = require('../../../../index.js')
module.exports = {
patch: async (req) => {
if (!req.query || !req.query.accountid) {
throw new Error('invalid-accountid')
}
const account = await global.api.user.Account.get(req)
if (!account) {
throw new Error('invalid-accountid')
}
if (!req.body || !req.body['new-password']) {
throw new Error('invalid-new-password')
}
if (global.minimumPasswordLength > req.body['new-password'].length ||
global.maximumPasswordLength < req.body['new-password'].length) {
throw new Error('invalid-new-password-length')
}
if (!req.body.password || !req.body.password.length) {
throw new Error('invalid-password')
}
let dashboardEncryptionKey = global.dashboardEncryptionKey
if (req.server) {
dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
}
const realPasswordHash = await dashboard.StorageObject.getProperty(`${req.appid}/account/${req.query.accountid}`, 'passwordHash')
const validPassword = await dashboard.Hash.bcryptHashCompare(req.body.password, realPasswordHash, dashboardEncryptionKey)
if (!validPassword) {
throw new Error('invalid-password')
}
const newPasswordHash = await dashboard.Hash.bcryptHashHash(req.body['new-password'], dashboardEncryptionKey)
await dashboard.StorageObject.setProperty(`${req.appid}/account/${req.query.accountid}`, 'passwordHash', newPasswordHash)
await dashboard.StorageObject.setProperty(`${req.appid}/account/${req.query.accountid}`, 'passwordLastChanged', dashboard.Timestamp.now)
return global.api.user.Account.get(req)
}
}
Test source (edit on github)
Tests perform real HTTP requests against a running Dashboard server.
/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')
describe('/api/user/set-account-password', () => {
describe('exceptions', () => {
describe('invalid-accountid', () => {
it('missing querystring accountid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/set-account-password')
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.patch()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-accountid')
})
it('invalid querystring accountid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/set-account-password?accountid=invalid')
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.patch()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-accountid')
})
})
describe('invalid-account', () => {
it('ineligible accessing account', async () => {
const user = await TestHelper.createUser()
const user2 = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user2.account.accountid}`)
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.patch()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-account')
})
})
describe('invalid-password', () => {
it('missing posted password', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1234567890',
password: ''
}
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-password')
})
it('invalid posted password', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1234567890',
password: 'invalid'
}
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-password')
})
})
describe('invalid-new-password', () => {
it('missing posted new-password', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '',
password: '1234567890'
}
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-new-password')
})
})
describe('invalid-new-password-length', () => {
it('posted new-password too short', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1',
password: user.account.password
}
global.minimumPasswordLength = 100
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-new-password-length')
})
it('posted new-password too long', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '12345678',
password: user.account.password
}
global.maximumPasswordLength = 1
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-new-password-length')
})
})
})
describe('returns', () => {
it('object', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1234567890',
password: user.account.password
}
req.filename = __filename
req.saveResponse = true
const account = await req.patch()
assert.strictEqual(account.object, 'account')
})
})
})