Merge pull request #7 from fga-eps-mds/feat_update

user can change password
fga-eps-mds · Dec 9, 2024 · af6428c · af6428c
2 parents 2fcd726 + d8c5c66
commit af6428c
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 11 deletions.
diff --git a/eslint.config.mjs b/eslint.config.mjs
@@ -0,0 +1,11 @@
+import globals from "globals";
+import pluginJs from "@eslint/js";
+import pluginReact from "eslint-plugin-react";
+
+/** @type {import('eslint').Linter.Config[]} */
+export default [
+    { files: ["**/*.{js,mjs,cjs,jsx}"] },
+    { languageOptions: { globals: globals.browser } },
+    pluginJs.configs.recommended,
+    pluginReact.configs.flat.recommended,
+];
diff --git a/src/Controllers/userController.js b/src/Controllers/userController.js
@@ -124,6 +124,54 @@ const getUserById = async (req, res) => {
     }
 };
 
+const getLoggedUserId = async (req, res) => {
+    const token = req.headers.authorization?.split(" ")[1];
+
+    if (!token) {
+        return res.status(401).json({ message: "Token não fornecido" });
+    }
+
+    try {
+        const decoded = jwt.verify(token, SECRET);
+
+        userId = decoded.id;
+    } catch (err) {
+        console.log(err);
+        return res.status(401).json({ message: "Token inválido ou expirado" });
+    }
+    return userId;
+};
+
+const getLoggedUser = async (req, res) => {
+    //let userId = await this.getLoggedUserId(req,res);
+
+    const token = req.headers.authorization?.split(" ")[1];
+
+    if (!token) {
+        return res.status(401).json({ message: "Token não fornecido" });
+    }
+
+    try {
+        const decoded = jwt.verify(token, SECRET);
+
+        userId = decoded.id;
+    } catch (err) {
+        console.log(err);
+
+        return res.status(401).json({ message: "Token inválido ou expirado" });
+    }
+
+    try {
+        const user = await User.findById(userId).populate("role");
+        if (!user) {
+            return res.status(404).send();
+        }
+        res.status(200).send(user);
+    } catch (error) {
+        res.status(500).send(error);
+    }
+};
+
 const patchUser = async (req, res) => {
     const userId = req.params.id;
 
@@ -178,6 +226,7 @@ const deleteUser = async (req, res) => {
 
 const update = async (req, res) => {
     let userId;
+
     const token = req.headers.authorization?.split(" ")[1];
 
     if (!token) {
@@ -188,8 +237,9 @@ const update = async (req, res) => {
         const decoded = jwt.verify(token, SECRET);
 
         userId = decoded.id;
-        // eslint-disable-next-line no-unused-vars
     } catch (err) {
+        console.log(err);
+
         return res.status(401).json({ message: "Token inválido ou expirado" });
     }
 
@@ -295,22 +345,15 @@ const changePassword = async (req, res) => {
 
 const changePasswordInProfile = async (req, res) => {
     const { old_password, new_password } = req.body;
-    const userId = req.params.id;
+
+    const userId = await getLoggedUserId(req, res);
 
     try {
         const user = await User.findById(userId);
 
         if (!user) {
             return res.status(404).send();
         }
-
-        if (userId !== req.userId) {
-            return res.status(403).json({
-                mensagem:
-                    "O token fornecido não tem permissão para finalizar a operação",
-            });
-        }
-
         if (!bcrypt.compareSync(old_password, user.password)) {
             return res.status(401).json({
                 mensagem: "Senha atual incorreta.",
@@ -324,7 +367,7 @@ const changePasswordInProfile = async (req, res) => {
             mensagem: "senha alterada com sucesso.",
         });
     } catch (error) {
-        return res.status(500).send(error);
+        return res.status(500).send({ myerror: error });
     }
 };
 const teste = async (req, res) => {
@@ -345,6 +388,7 @@ module.exports = {
     getUsers,
     getUserById,
     update,
+    getLoggedUser,
     deleteUser,
     patchUser,
     recoverPassword,

diff --git a/src/routes.js b/src/routes.js
@@ -13,6 +13,7 @@ const OrganController = require("./Controllers/organController");
 // --user
 routes.get("/users", tokenValidation, UserController.getUsers);
 routes.get("/users/:id", tokenValidation, UserController.getUserById);
+routes.get("/user", tokenValidation, UserController.getLoggedUser);
 routes.patch("/users/patch/:id", tokenValidation, UserController.patchUser);
 routes.delete("/users/delete/:id", tokenValidation, UserController.deleteUser);
 routes.put("/user", tokenValidation, UserController.update);
@@ -38,6 +39,12 @@ routes.post("/login", UserController.login);
 routes.post("/users/recover-password", UserController.recoverPassword);
 routes.post("/verify-token", TokenController.getToken);
 routes.patch("/users/change-password/:id", UserController.changePassword);
+routes.patch(
+    "/users/renew-password",
+    tokenValidation,
+    UserController.changePasswordInProfile
+);
+
 //
 routes.post("/membership/create", MembershipForm.createMembershipForm);
 routes.get("/membership", MembershipForm.getMembershipForm);