/api/user/set-account-password (PATCH)
Account information like email addresses is generated with faker-js it is not real user information.
await global.api.user.SetAccountPassword.patch(req)Returns object
{
"accountid": "acct_29ad7e1fe2b2bdbd",
"object": "account",
"appid": "tests_1656038581",
"profileid": "prof_295629b887709a1b",
"sessionKeyNumber": 1,
"lastSignedInAt": "2022-06-24T02:43:01.000Z",
"owner": true,
"ownerSince": "2022-06-24T02:43:01.000Z",
"administrator": true,
"administratorSince": "2022-06-24T02:43:01.000Z",
"passwordLastChangedAt": "2022-06-24T02:43:01.000Z",
"createdAt": "2022-06-24T02:43:01.485Z",
"updatedAt": "2022-06-24T02:43:01.520Z"
}
Exceptions
These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:
Exception | Circumstances |
---|---|
invalid-account | ineligible accessing account |
invalid-accountid | missing querystring accountid |
invalid querystring accountid | |
invalid-new-password | missing posted new-password |
invalid-new-password-length | posted new-password too short |
posted new-password too long | |
invalid-password | missing posted password |
invalid posted password |
NodeJS source (view on github)
const dashboard = require('../../../../index.js')
module.exports = {
patch: async (req) => {
if (!req.query || !req.query.accountid) {
throw new Error('invalid-accountid')
}
let accountInfo
try {
accountInfo = await dashboard.Storage.Account.findOne({
where: {
accountid: req.query.accountid,
appid: req.appid || global.appid
}
})
} catch (error) {
}
if (!accountInfo) {
throw new Error('invalid-accountid')
}
if (accountInfo.dataValues.accountid !== req.account.accountid) {
throw new Error('invalid-account')
}
if (!req.body || !req.body['new-password']) {
throw new Error('invalid-new-password')
}
if (global.minimumPasswordLength > req.body['new-password'].length ||
global.maximumPasswordLength < req.body['new-password'].length) {
throw new Error('invalid-new-password-length')
}
if (!req.body.password || !req.body.password.length) {
throw new Error('invalid-password')
}
let dashboardEncryptionKey = global.dashboardEncryptionKey
if (req.server) {
dashboardEncryptionKey = req.server.dashboardEncryptionKey || dashboardEncryptionKey
}
const validPassword = await dashboard.Hash.bcryptHashCompare(req.body.password, accountInfo.dataValues.passwordHash, dashboardEncryptionKey)
if (!validPassword) {
throw new Error('invalid-password')
}
const newPasswordHash = await dashboard.Hash.bcryptHashHash(req.body['new-password'], dashboardEncryptionKey)
await dashboard.Storage.Account.update({
passwordHash: newPasswordHash,
passwordLastChangedAt: new Date()
}, {
where: {
accountid: req.query.accountid,
appid: req.appid || global.appid
}
})
await dashboard.StorageCache.remove(req.query.accountid)
return global.api.user.Account.get(req)
}
}
Test source (view on github)
/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../test-helper.js')
describe('/api/user/set-account-password', () => {
describe('exceptions', () => {
describe('invalid-accountid', () => {
it('missing querystring accountid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/set-account-password')
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.patch()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-accountid')
})
it('invalid querystring accountid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/set-account-password?accountid=invalid')
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.patch()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-accountid')
})
})
describe('invalid-account', () => {
it('ineligible accessing account', async () => {
const user = await TestHelper.createUser()
const user2 = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user2.account.accountid}`)
req.account = user.account
req.session = user.session
let errorMessage
try {
await req.patch()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-account')
})
})
describe('invalid-password', () => {
it('missing posted password', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1234567890',
password: ''
}
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-password')
})
it('invalid posted password', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1234567890',
password: 'invalid'
}
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-password')
})
})
describe('invalid-new-password', () => {
it('missing posted new-password', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '',
password: '1234567890'
}
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-new-password')
})
})
describe('invalid-new-password-length', () => {
it('posted new-password too short', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1',
password: user.account.password
}
global.minimumPasswordLength = 100
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-new-password-length')
})
it('posted new-password too long', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '12345678',
password: user.account.password
}
global.maximumPasswordLength = 1
let errorMessage
try {
await req.patch(req)
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-new-password-length')
})
})
})
describe('returns', () => {
it('object', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/set-account-password?accountid=${user.account.accountid}`)
req.account = user.account
req.session = user.session
req.body = {
'new-password': '1234567890',
password: user.account.password
}
req.filename = __filename
req.saveResponse = true
const account = await req.patch()
assert.strictEqual(account.object, 'account')
})
})
})