opensupports/server/controllers/user/edit-password.php

<?php
use Respect\Validation\Validator as DataValidator;

/**
 * @api {post} /user/edit-password Edit password
 * @apiVersion 4.5.0
 *
 * @apiName Edit password
 *
 * @apiGroup User
 *
 * @apiDescription This path edits the password of an user.
 *
 * @apiPermission user
 *
 * @apiParam {String} newPassword The new password that the user wants to change.
 * @apiParam {String} oldPassword The actual password of the user.
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_PASSWORD
 * @apiUse INVALID_OLD_PASSWORD
 *
 * @apiSuccess {Object} data Empty object
 *
 */

class EditPassword extends Controller {
    const PATH = '/edit-password';
    const METHOD = 'POST';

    public function validations() {
        return [
            'permission' => 'user',
            'requestData' => [
                'newPassword' => [
                    'validation' => DataValidator::length(5, 200),
                    'error' => ERRORS::INVALID_PASSWORD
                ]
            ]
        ];
    }

    public function handler() {
        $oldPassword = Controller::request('oldPassword');
        $newPassword = Controller::request('newPassword');
        $user = Controller::getLoggedUser() ;

        if (Hashing::verifyPassword($oldPassword, $user->password)) {
            $user->password = Hashing::hashPassword($newPassword);
            $user->store();

            $mailSender = MailSender::getInstance();
            $mailSender->setTemplate('USER_PASSWORD', [
                'to'=>$user->email,
                'name'=>$user->name
            ]);
            $mailSender->send();
            
            Response::respondSuccess();
        } else{
            throw new RequestException(ERRORS::INVALID_OLD_PASSWORD);
        }
    }
}
(Guillermo) path-user-edit and mailsender [skip ci] 2016-08-08 04:21:48 +02:00			`<?php`
			`use Respect\Validation\Validator as DataValidator;`

Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`/**`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @api {post} /user/edit-password Edit password`
release v4.5.0 2019-10-08 01:21:43 +02:00			`* @apiVersion 4.5.0`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiName Edit password`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
			`* @apiGroup User`
			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiDescription This path edits the password of an user.`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiPermission user`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiParam {String} newPassword The new password that the user wants to change.`
			`* @apiParam {String} oldPassword The actual password of the user.`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiUse NO_PERMISSION`
			`* @apiUse INVALID_PASSWORD`
			`* @apiUse INVALID_OLD_PASSWORD`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiSuccess {Object} data Empty object`
Guillermo - data user [skip ci] 2017-04-16 07:35:04 +02:00			`*`
			`*/`

(Guillermo) path-user-edit and mailsender [skip ci] 2016-08-08 04:21:48 +02:00			`class EditPassword extends Controller {`
			`const PATH = '/edit-password';`
Ivan - Update backend methods [skip ci] 2017-02-08 19:09:15 +01:00			`const METHOD = 'POST';`

(Guillermo) path-user-edit and mailsender [skip ci] 2016-08-08 04:21:48 +02:00			`public function validations() {`
			`return [`
			`'permission' => 'user',`
			`'requestData' => [`
			`'newPassword' => [`
			`'validation' => DataValidator::length(5, 200),`
			`'error' => ERRORS::INVALID_PASSWORD`
			`]`
			`]`
			`];`
			`}`

			`public function handler() {`
			`$oldPassword = Controller::request('oldPassword');`
			`$newPassword = Controller::request('newPassword');`
			`$user = Controller::getLoggedUser() ;`

			`if (Hashing::verifyPassword($oldPassword, $user->password)) {`
			`$user->password = Hashing::hashPassword($newPassword);`
			`$user->store();`

Ivan - Avoid verification if smtp is not set. Implement singleton pattern in MailSender class 2017-06-05 16:41:52 +02:00			`$mailSender = MailSender::getInstance();`
Ivan - Add all mail templates [skip ci] 2017-03-17 00:00:21 +01:00			`$mailSender->setTemplate('USER_PASSWORD', [`
(Guillermo) path-user-edit and mailsender [skip ci] 2016-08-08 04:21:48 +02:00			`'to'=>$user->email,`
			`'name'=>$user->name`
			`]);`
			`$mailSender->send();`

			`Response::respondSuccess();`
			`} else{`
Use own exception class 2018-11-20 23:41:00 +01:00			`throw new RequestException(ERRORS::INVALID_OLD_PASSWORD);`
(Guillermo) path-user-edit and mailsender [skip ci] 2016-08-08 04:21:48 +02:00			`}`
			`}`
			`}`