API implementation for changing password

Taskfile.yml

@@ -20,7 +20,7 @@ tasks:
           --path ./backend/app/api/docs/swagger.json \
           --output ./frontend/lib/api/types
 
-        python3 ./scripts/process-types.py ./frontend/lib/api/types/data-contracts.ts
+      - python3 ./scripts/process-types.py ./frontend/lib/api/types/data-contracts.ts
     sources:
       - "./backend/app/api/**/*"
       - "./backend/internal/repo/**/*"

backend/app/api/docs/docs.go

@@ -822,6 +822,35 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/users/change-password": {
+            "put": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "tags": [
+                    "User"
+                ],
+                "summary": "Updates the users password",
+                "parameters": [
+                    {
+                        "description": "Password Payload",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/v1.ChangePassword"
+                        }
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": ""
+                    }
+                }
+            }
+        },
         "/v1/users/login": {
             "post": {
                 "consumes": [
@@ -1579,6 +1608,17 @@ const docTemplate = `{
                 }
             }
         },
+        "v1.ChangePassword": {
+            "type": "object",
+            "properties": {
+                "current": {
+                    "type": "string"
+                },
+                "new": {
+                    "type": "string"
+                }
+            }
+        },
         "v1.GroupInvitation": {
             "type": "object",
             "properties": {

backend/app/api/docs/swagger.json

@@ -814,6 +814,35 @@
                 }
             }
         },
+        "/v1/users/change-password": {
+            "put": {
+                "security": [
+                    {
+                        "Bearer": []
+                    }
+                ],
+                "tags": [
+                    "User"
+                ],
+                "summary": "Updates the users password",
+                "parameters": [
+                    {
+                        "description": "Password Payload",
+                        "name": "payload",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/v1.ChangePassword"
+                        }
+                    }
+                ],
+                "responses": {
+                    "204": {
+                        "description": ""
+                    }
+                }
+            }
+        },
         "/v1/users/login": {
             "post": {
                 "consumes": [
@@ -1571,6 +1600,17 @@
                 }
             }
         },
+        "v1.ChangePassword": {
+            "type": "object",
+            "properties": {
+                "current": {
+                    "type": "string"
+                },
+                "new": {
+                    "type": "string"
+                }
+            }
+        },
         "v1.GroupInvitation": {
             "type": "object",
             "properties": {

backend/app/api/docs/swagger.yaml

@@ -353,6 +353,13 @@ definitions:
       version:
         type: string
     type: object
+  v1.ChangePassword:
+    properties:
+      current:
+        type: string
+      new:
+        type: string
+    type: object
   v1.GroupInvitation:
     properties:
       expiresAt:
@@ -877,6 +884,23 @@ paths:
       summary: Retrieves the basic information about the API
       tags:
       - Base
+  /v1/users/change-password:
+    put:
+      parameters:
+      - description: Password Payload
+        in: body
+        name: payload
+        required: true
+        schema:
+          $ref: '#/definitions/v1.ChangePassword'
+      responses:
+        "204":
+          description: ""
+      security:
+      - Bearer: []
+      summary: Updates the users password
+      tags:
+      - User
   /v1/users/login:
     post:
       consumes:

backend/app/api/routes.go

@@ -65,6 +65,7 @@ func (a *app) newRouter(repos *repo.AllRepos) *chi.Mux {
 			r.Put(v1Base("/users/self/password"), v1Ctrl.HandleUserUpdatePassword())
 			r.Post(v1Base("/users/logout"), v1Ctrl.HandleAuthLogout())
 			r.Get(v1Base("/users/refresh"), v1Ctrl.HandleAuthRefresh())
+			r.Put(v1Base("/users/self/change-password"), v1Ctrl.HandleUserSelfChangePassword())
 
 			r.Post(v1Base("/groups/invitations"), v1Ctrl.HandleGroupInvitationsCreate())
 

backend/app/api/v1/v1_ctrl_user.go

@@ -119,3 +119,37 @@ func (ctrl *V1Controller) HandleUserSelfDelete() http.HandlerFunc {
 		server.Respond(w, http.StatusNoContent, nil)
 	}
 }
+
+type (
+	ChangePassword struct {
+		Current string `json:"current,omitempty"`
+		New     string `json:"new,omitempty"`
+	}
+)
+
+// HandleUserSelfChangePassword godoc
+// @Summary   Updates the users password
+// @Tags      User
+// @Success   204
+// @Param     payload  body  ChangePassword  true  "Password Payload"
+// @Router    /v1/users/change-password [PUT]
+// @Security  Bearer
+func (ctrl *V1Controller) HandleUserSelfChangePassword() http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var cp ChangePassword
+		err := server.Decode(r, &cp)
+		if err != nil {
+			log.Err(err).Msg("user failed to change password")
+		}
+
+		ctx := services.NewContext(r.Context())
+
+		ok := ctrl.svc.User.ChangePassword(ctx, cp.Current, cp.New)
+		if !ok {
+			server.RespondError(w, http.StatusInternalServerError, err)
+			return
+		}
+
+		server.Respond(w, http.StatusNoContent, nil)
+	}
+}

backend/internal/repo/repo_users.go

@@ -121,3 +121,7 @@ func (e *UserRepository) GetSuperusers(ctx context.Context) ([]*ent.User, error)
 
 	return users, nil
 }
+
+func (r *UserRepository) ChangePassword(ctx context.Context, UID uuid.UUID, pw string) error {
+	return r.db.User.UpdateOneID(UID).SetPassword(pw).Exec(ctx)
+}

backend/internal/services/service_user.go

@@ -196,3 +196,29 @@ func (svc *UserService) NewInvitation(ctx Context, uses int, expiresAt time.Time
 
 	return token.Raw, nil
 }
+
+func (svc *UserService) ChangePassword(ctx Context, current string, new string) (ok bool) {
+	usr, err := svc.repos.Users.GetOneId(ctx, ctx.UID)
+	if err != nil {
+		return false
+	}
+
+	if !hasher.CheckPasswordHash(current, usr.PasswordHash) {
+		log.Err(errors.New("current password is incorrect")).Msg("Failed to change password")
+		return false
+	}
+
+	hashed, err := hasher.HashPassword(new)
+	if err != nil {
+		log.Err(err).Msg("Failed to hash password")
+		return false
+	}
+
+	err = svc.repos.Users.ChangePassword(ctx.Context, ctx.UID, hashed)
+	if err != nil {
+		log.Err(err).Msg("Failed to change password")
+		return false
+	}
+
+	return true
+}

frontend/lib/api/__test__/factories/index.ts

@@ -1,4 +1,5 @@
 import { faker } from "@faker-js/faker";
+import { expect } from "vitest";
 import { overrideParts } from "../../base/urls";
 import { PublicApi } from "../../public";
 import { LabelCreate, LocationCreate, UserRegistration } from "../../types/data-contracts";
@@ -55,8 +56,11 @@ async function userSingleUse(): Promise<TestUser> {
   const usr = user();
 
   const pub = publicClient();
-  pub.register(usr);
+  await pub.register(usr);
-  const result = await pub.login(usr.name, usr.password);
+  const result = await pub.login(usr.email, usr.password);
+
+  expect(result.error).toBeFalsy();
+  expect(result.status).toBe(200);
 
   return {
     client: new UserClient(new Requests("", result.data.token)),

frontend/lib/api/__test__/user/user.test.ts

@@ -0,0 +1,27 @@
+import { faker } from "@faker-js/faker";
+import { describe, expect, test } from "vitest";
+import { factories } from "../factories";
+
+describe("basic user workflows", () => {
+  test("user should be able to change password", async () => {
+    const { client, user } = await factories.client.singleUse();
+    const password = faker.internet.password();
+
+    // Change Password
+    {
+      const response = await client.user.changePassword(user.password, password);
+      expect(response.error).toBeFalsy();
+      expect(response.status).toBe(204);
+    }
+
+    // Ensure New Login is Valid
+    {
+      const pub = factories.client.public();
+      const response = await pub.login(user.email, password);
+      expect(response.error).toBeFalsy();
+      expect(response.status).toBe(200);
+    }
+
+    await client.user.delete();
+  }, 20000);
+});

frontend/lib/api/classes/users.ts

@@ -1,5 +1,5 @@
 import { BaseAPI, route } from "../base";
-import { UserOut } from "../types/data-contracts";
+import { ChangePassword, UserOut } from "../types/data-contracts";
 import { Result } from "../types/non-generated";
 
 export class UserApi extends BaseAPI {
@@ -14,4 +14,14 @@ export class UserApi extends BaseAPI {
   public delete() {
     return this.http.delete<void>({ url: route("/users/self") });
   }
+
+  public changePassword(current: string, newPassword: string) {
+    return this.http.put<ChangePassword, void>({
+      url: route("/users/self/change-password"),
+      body: {
+        current,
+        new: newPassword,
+      },
+    });
+  }
 }

frontend/lib/api/types/data-contracts.ts

@@ -238,6 +238,11 @@ export interface Build {
   version: string;
 }
 
+export interface ChangePassword {
+  current: string;
+  new: string;
+}
+
 export interface GroupInvitation {
   expiresAt: Date;
   token: string;