itizawa před 6 roky
rodič
revize
d33b170e7f

+ 4 - 1
src/client/js/components/Me/PasswordSettings.jsx

@@ -57,11 +57,14 @@ class PasswordSettings extends React.Component {
       await appContainer.apiv3Put('/personal-setting/password', {
         oldPassword, newPassword, newPasswordConfirm,
       });
+      this.setState({ oldPassword: '', newPassword: '', newPasswordConfirm: '' });
       toastSuccess(t('toaster.update_successed', { target: t('personal_settings.update_password') }));
     }
     catch (err) {
       toastError(err);
     }
+
+    this.retrievePassword();
   }
 
   onChangeOldPassword(oldPassword) {
@@ -137,7 +140,7 @@ class PasswordSettings extends React.Component {
               type="button"
               className="btn btn-primary"
               onClick={this.onClickSubmit}
-              disabled={this.state.retrieveError != null || this.isIncorrectConfirmPassword}
+              disabled={this.state.retrieveError != null || isIncorrectConfirmPassword}
             >
               {t('Update')}
             </button>
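Review bot: `this.retrievePassword();` on the new line after the catch block is called without `await` and outside the `try`, so if it returns a promise its rejection goes unhandled and the submit handler can resolve before the refreshed state lands; if it is async, `await this.retrievePassword();` inside the try (or with its own catch) is the safer shape. It also runs on the error path, which looks intended (re-sync the view after a failed update) but is worth a short comment such as `// refresh regardless of outcome so the form reflects server state`. The added `this.setState({ oldPassword: '', newPassword: '', newPasswordConfirm: '' })` only runs on success, so after a rejected attempt the typed passwords remain in component state; clearing at least `oldPassword` in the catch branch as well would shorten how long the current password sits in memory. The enclosing method starts outside the hunk.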

+ 23 - 3
src/server/routes/apiv3/personal-setting.js

@@ -51,6 +51,14 @@ module.exports = (crowi) => {
       body('lang').isString().isIn(['en-US', 'ja']),
       body('isEmailPublished').isBoolean(),
     ],
+    password: [
+      body('oldPassword').isString(),
+      body('newPassword').isString().not().isEmpty(),
+      body('newPasswordConfirm').isString().not().isEmpty()
+        .custom((value, { req }) => {
+          return (value === req.body.newPassword);
+        }),
+    ],
   };
 
   /**
@@ -173,10 +181,22 @@ module.exports = (crowi) => {
   });
 
   // TODO swagger
-  router.put('/password', accessTokenParser, loginRequiredStrictly, async(req, res) => {
-    const { oldPassword, newPassword, newPasswordConfirm } = req.body;
+  router.put('/password', accessTokenParser, loginRequiredStrictly, csrf, validator.password, ApiV3FormValidator, async(req, res) => {
+    const { body, user } = req;
+    const { oldPassword, newPassword } = body;
+
+    if (user.isPasswordSet() && !user.isPasswordValid(oldPassword)) {
+      return res.apiv3Err('wrong-current-password', 400);
+    }
+    try {
+      const userData = await user.updatePassword(newPassword);
+      return res.apiv3({ userData });
+    }
+    catch (err) {
+      logger.error(err);
+      return res.apiv3Err('update-password-failed');
+    }
 
-    return res.apiv3();
   });
 
   return router;
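Review bot: `return res.apiv3({ userData });` echoes whatever `user.updatePassword(newPassword)` resolves to; if that is the full user document, internal fields such as the stored password hash are sent back to the client, which the previous handler (`return res.apiv3();`) never did. Unless the client consumes something from it, keep the empty response, or pick the few public fields explicitly before sending. The new `validator.password` rules only reject an empty `newPassword`; if the project has a length policy it belongs next to `.not().isEmpty()` as `.isLength({ min: MIN_PASSWORD_LENGTH })` (placeholder for the policy value). The surrounding `module.exports` arrow starts and ends outside the hunk.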

+ 1 - 50
src/server/routes/me.js

@@ -255,56 +255,7 @@ module.exports = function(crowi, app) {
   };
 
   actions.password = function(req, res) {
-    const passwordForm = req.body.mePassword;
-    const userData = req.user;
-
-    /*
-      * disabled because the system no longer allows undefined email -- 2017.10.06 Yuki Takei
-      *
-    // パスワードを設定する前に、emailが設定されている必要がある (schemaを途中で変更したため、最初の方の人は登録されていないかもしれないため)
-    // そのうちこのコードはいらなくなるはず
-    if (!userData.isEmailSet()) {
-      return res.redirect('/me');
-    }
-    */
-
-    if (req.method === 'POST' && req.form.isValid) {
-      const newPassword = passwordForm.newPassword;
-      const newPasswordConfirm = passwordForm.newPasswordConfirm;
-      const oldPassword = passwordForm.oldPassword;
-
-      if (userData.isPasswordSet() && !userData.isPasswordValid(oldPassword)) {
-        req.form.errors.push('Wrong current password');
-        return res.render('me/password', {
-        });
-      }
-
-      // check password confirm
-      if (newPassword !== newPasswordConfirm) {
-        req.form.errors.push('Failed to verify passwords');
-      }
-      else {
-        userData.updatePassword(newPassword, (err, userData) => {
-          if (err) {
-            /* eslint-disable no-restricted-syntax, no-prototype-builtins */
-            for (const e in err.errors) {
-              if (err.errors.hasOwnProperty(e)) {
-                req.form.errors.push(err.errors[e].message);
-              }
-            }
-            return res.render('me/password', {});
-          }
-          /* eslint-enable no-restricted-syntax, no-prototype-builtins */
-
-          req.flash('successMessage', 'Password updated');
-          return res.redirect('/me/password');
-        });
-      }
-    }
-    else { // method GET
-      return res.render('me/password', {
-      });
-    }
+    return res.render('me/password');
   };
 
   actions.apiToken = function(req, res) {
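Review bot: `actions.password` now renders `me/password` unconditionally, so the `req.method === 'POST'` branch and its `req.form.isValid` gate are gone; if the route table still maps a POST for this page to this action together with the `mePassword` form middleware (not visible here), a POST now silently re-renders the page instead of reporting anything, and that registration should be dropped in the same change. A one-line comment above the return, `// password changes go through the apiv3 PUT /personal-setting/password route; this action only serves the page`, would tell the next reader where the logic moved.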