Merge pull request 'Password reset / update' (#11) from password-reset into main

Reviewed-on: #11
2022-01-20 20:04:18 +00:00 · 2022-01-20 20:04:18 +00:00 · ddb976508e
parent 401b5b3184 192e8b632f
commit ddb976508e
2 changed files with 17 additions and 1 deletions
--- a/docker/backend/src/mw/auth.cr
+++ b/docker/backend/src/mw/auth.cr
@ -26,7 +26,7 @@ module MW
      JWT.encode(payload.to_h, ENV_REQUESTER["BACKEND_JWT_SECRET"], JWT::Algorithm::HS256)
    end

-    def create_user_jwt(user_id : Int, expiration : Int = (Time.utc + Time::Span.new(days: 1)).to_unix) : String
+    def create_user_jwt(user_id : Int, expiration : Int = (Time.utc + Time::Span.new(hours: 6)).to_unix) : String
      create_jwt({user_id: user_id}, expiration)
    end

--- a/docker/backend/src/mw/schema/mutation.cr
+++ b/docker/backend/src/mw/schema/mutation.cr
@ -15,6 +15,22 @@ module MW
        )
      end

+      @[GraphQL::Field]
+      def update_password(context : Context, password : String) : LoginPayload
+        context.authenticated!
+
+        if Auth.verify_password?(password, context.user.not_nil!.password)
+          raise "New password must be different from old password"
+        end
+
+        context.user.not_nil!.update!(password: Auth.hash_password(password))
+
+        LoginPayload.new(
+          user: User.new(context.user.not_nil!),
+          token: Auth.create_user_jwt(context.user.not_nil!.id.not_nil!.to_i),
+        )
+      end
+
      @[GraphQL::Field]
      def create_user(context : Context, input : UserCreateInput) : User
        context.admin!