Dashboard API explorer

/api/user/set-account-password (PATCH)

Account information such as email addresses is generated with faker-js; it is not real user information.

// NodeJS usage. The handler reads req.query.accountid (the account to change),
// req.account (the signed-in account, which must be that same account) and
// req.body, which carries 'password' (the current password, re-verified before
// any change) and 'new-password'.
await global.api.user.SetAccountPassword.patch(req)

Returns object

{
  "accountid": "acct_29ad7e1fe2b2bdbd",
  "object": "account",
  "appid": "tests_1656038581",
  "profileid": "prof_295629b887709a1b",
  "sessionKeyNumber": 1,
  "lastSignedInAt": "2022-06-24T02:43:01.000Z",
  "owner": true,
  "ownerSince": "2022-06-24T02:43:01.000Z",
  "administrator": true,
  "administratorSince": "2022-06-24T02:43:01.000Z",
  "passwordLastChangedAt": "2022-06-24T02:43:01.000Z",
  "createdAt": "2022-06-24T02:43:01.485Z",
  "updatedAt": "2022-06-24T02:43:01.520Z"
}

Exceptions

These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:

Exception | Circumstances
invalid-account | ineligible accessing account
invalid-accountid | missing querystring accountid; invalid querystring accountid
invalid-new-password | missing posted new-password
invalid-new-password-length | posted new-password too short; posted new-password too long
invalid-password | missing posted password; invalid posted password

NodeJS source (view on github)

const dashboard = require('../../../../index.js')

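module.exports = {
  /**
   * Changes the password of the signed-in account after re-verifying the
   * current password.
   *
   * @param {object} req - request object; reads req.query.accountid,
   *   req.account, req.body.password, req.body['new-password'] and, when
   *   present, req.appid and req.server.dashboardEncryptionKey
   * @returns {Promise<object>} the result of global.api.user.Account.get(req)
   * @throws {Error} 'invalid-accountid', 'invalid-account',
   *   'invalid-new-password', 'invalid-new-password-length' or
   *   'invalid-password', in the order the checks run below
   */
  patch: async (req) => {
    // Accept a single string id only: a non-string value (for example an array
    // from a repeated querystring key) would otherwise reach the storage
    // where-clauses unchanged.
    if (!req.query || !req.query.accountid || typeof req.query.accountid !== 'string') {
      throw new Error('invalid-accountid')
    }
    const appid = req.appid || global.appid
    let accountInfo
    try {
      accountInfo = await dashboard.Storage.Account.findOne({
        where: {
          accountid: req.query.accountid,
          appid
        }
      })
    } catch (error) {
      // Deliberate best-effort: a failed lookup is reported exactly like an
      // unknown id, so the caller learns nothing about the storage layer.
      accountInfo = undefined
    }
    if (!accountInfo) {
      throw new Error('invalid-accountid')
    }
    const accountid = accountInfo.dataValues.accountid
    // Ownership check: only the signed-in account may change its own password.
    // A request with no account attached is rejected instead of raising a
    // TypeError.
    if (!req.account || accountid !== req.account.accountid) {
      throw new Error('invalid-account')
    }
    const newPassword = req.body ? req.body['new-password'] : undefined
    if (!newPassword || typeof newPassword !== 'string') {
      throw new Error('invalid-new-password')
    }
    // NOTE(review): .length counts UTF-16 code units. If the Hash helper is
    // plain bcrypt, input beyond 72 bytes is normally ignored; confirm that
    // global.maximumPasswordLength takes this into account.
    if (global.minimumPasswordLength > newPassword.length ||
      global.maximumPasswordLength < newPassword.length) {
      throw new Error('invalid-new-password-length')
    }
    const currentPassword = req.body.password
    if (!currentPassword || typeof currentPassword !== 'string') {
      throw new Error('invalid-password')
    }
    // A per-server key, when configured, takes precedence over the global one.
    let dashboardEncryptionKey = global.dashboardEncryptionKey
    if (req.server) {
      dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
    }
    // Re-authenticate with the current password before accepting the change.
    const validPassword = await dashboard.Hash.bcryptHashCompare(currentPassword, accountInfo.dataValues.passwordHash, dashboardEncryptionKey)
    if (!validPassword) {
      throw new Error('invalid-password')
    }
    const newPasswordHash = await dashboard.Hash.bcryptHashHash(newPassword, dashboardEncryptionKey)
    // Write against the id that passed the ownership check rather than the raw
    // query value, so the update can only touch the verified row.
    await dashboard.Storage.Account.update({
      passwordHash: newPasswordHash,
      passwordLastChangedAt: new Date()
    }, {
      where: {
        accountid,
        appid
      }
    })
    await dashboard.StorageCache.remove(accountid)
    // NOTE(review): nothing in this function ends other sessions or rotates a
    // session key after the change; confirm that is handled elsewhere, since a
    // password change is usually expected to cut off sessions opened with the
    // old credential.
    return global.api.user.Account.get(req)
  }
}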

Test source (view on github)

/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')

describe('/api/user/set-account-password', () => {
  const endpoint = '/api/user/set-account-password'

  // URL of the endpoint addressed at one account id.
  const urlFor = (accountid) => `${endpoint}?accountid=${accountid}`

  // Builds a request to `url` signed in as `user`; attaches `body` when given.
  const requestAs = (user, url, body) => {
    const req = TestHelper.createRequest(url)
    req.account = user.account
    req.session = user.session
    if (body !== undefined) {
      req.body = body
    }
    return req
  }

  // Runs `send` and resolves to the thrown error's message, or undefined when
  // nothing was thrown (which then fails the strictEqual in the caller).
  const thrownMessage = async (send) => {
    try {
      await send()
    } catch (error) {
      return error.message
    }
    return undefined
  }

  describe('exceptions', () => {
    describe('invalid-accountid', () => {
      it('missing querystring accountid', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, endpoint)
        const message = await thrownMessage(() => req.patch())
        assert.strictEqual(message, 'invalid-accountid')
      })

      it('invalid querystring accountid', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, urlFor('invalid'))
        const message = await thrownMessage(() => req.patch())
        assert.strictEqual(message, 'invalid-accountid')
      })
    })

    describe('invalid-account', () => {
      it('ineligible accessing account', async () => {
        // Signed in as the first user but addressing the second user's account.
        const user = await TestHelper.createUser()
        const user2 = await TestHelper.createUser()
        const req = requestAs(user, urlFor(user2.account.accountid))
        const message = await thrownMessage(() => req.patch())
        assert.strictEqual(message, 'invalid-account')
      })
    })

    describe('invalid-password', () => {
      it('missing posted password', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, urlFor(user.account.accountid), {
          'new-password': '1234567890',
          password: ''
        })
        const message = await thrownMessage(() => req.patch(req))
        assert.strictEqual(message, 'invalid-password')
      })

      it('invalid posted password', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, urlFor(user.account.accountid), {
          'new-password': '1234567890',
          password: 'invalid'
        })
        const message = await thrownMessage(() => req.patch(req))
        assert.strictEqual(message, 'invalid-password')
      })
    })

    describe('invalid-new-password', () => {
      it('missing posted new-password', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, urlFor(user.account.accountid), {
          'new-password': '',
          password: '1234567890'
        })
        const message = await thrownMessage(() => req.patch(req))
        assert.strictEqual(message, 'invalid-new-password')
      })
    })

    describe('invalid-new-password-length', () => {
      // NOTE(review): both tests below change a global length limit and do not
      // restore it here; presumably TestHelper resets globals between tests.
      // Confirm, otherwise the limits leak into later tests.
      it('posted new-password too short', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, urlFor(user.account.accountid), {
          'new-password': '1',
          password: user.account.password
        })
        global.minimumPasswordLength = 100
        const message = await thrownMessage(() => req.patch(req))
        assert.strictEqual(message, 'invalid-new-password-length')
      })

      it('posted new-password too long', async () => {
        const user = await TestHelper.createUser()
        const req = requestAs(user, urlFor(user.account.accountid), {
          'new-password': '12345678',
          password: user.account.password
        })
        global.maximumPasswordLength = 1
        const message = await thrownMessage(() => req.patch(req))
        assert.strictEqual(message, 'invalid-new-password-length')
      })
    })
  })

  describe('returns', () => {
    it('object', async () => {
      const user = await TestHelper.createUser()
      const req = requestAs(user, urlFor(user.account.accountid), {
        'new-password': '1234567890',
        password: user.account.password
      })
      // filename and saveResponse are set on the request before sending, as
      // in every run of this test; their effect lives in TestHelper.
      req.filename = __filename
      req.saveResponse = true
      const account = await req.patch()
      assert.strictEqual(account.object, 'account')
    })
  })
})