Merge pull request #106 from harena-lab/development

Fix: double hashing password on creation

harena-manager.postman_collection.json

@@ -556,7 +556,7 @@
 					"response": []
 				},
 				{
-					"name": "/user/:id",
+					"name": "/user",
 					"request": {
 						"method": "PUT",
 						"header": [],
@@ -565,29 +565,42 @@
 							"formdata": [
 								{
 									"key": "username",
-									"value": "username",
-									"type": "text"
+									"value": "edu",
+									"type": "text",
+									"disabled": true
 								},
 								{
 									"key": "email",
-									"value": "email@example",
-									"type": "text"
+									"value": "edu@email.com",
+									"type": "text",
+									"disabled": true
 								},
 								{
 									"key": "login",
-									"value": "login",
+									"value": "jacinta",
 									"type": "text"
+								},
+								{
+									"key": "grade",
+									"value": "teste1111",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "password",
+									"value": "jacintomaster",
+									"type": "text",
+									"disabled": true
 								}
 							]
 						},
 						"url": {
-							"raw": "{{api-base-url}}/user/{{user-id}}",
+							"raw": "{{api-base-url}}/user",
 							"host": [
 								"{{api-base-url}}"
 							],
 							"path": [
-								"user",
-								"{{user-id}}"
+								"user"
 							]
 						}
 					},
@@ -2087,6 +2100,72 @@
 					},
 					"response": []
 				},
+				{
+					"name": "/admin/user/:id",
+					"request": {
+						"method": "PUT",
+						"header": [],
+						"body": {
+							"mode": "formdata",
+							"formdata": [
+								{
+									"key": "username",
+									"value": "edu",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "email",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "login",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "password",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "grade",
+									"value": "test",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "institution_id",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								},
+								{
+									"key": "course_id",
+									"value": "",
+									"type": "text",
+									"disabled": true
+								}
+							]
+						},
+						"url": {
+							"raw": "{{api-base-url}}/admin/user/75131920-cd37-441a-a86e-a2c538d33d64",
+							"host": [
+								"{{api-base-url}}"
+							],
+							"path": [
+								"admin",
+								"user",
+								"75131920-cd37-441a-a86e-a2c538d33d64"
+							]
+						}
+					},
+					"response": []
+				},
 				{
 					"name": "/admin/quest/{{id}}",
 					"request": {

src/adonisjs/app/Controllers/Http/v1/AdminController.js

@@ -34,6 +34,35 @@ class AdminController {
     }
   }
 
+  async updateUser ({ params, request, response, auth }) {
+    try {
+      console.log('============')
+      const user = await User.find(params.id)
+
+      const newUser = {
+          username : request.input('username') || user.username,
+          email : request.input('email') || user.email,
+          login : request.input('login') || user.login,
+          grade : request.input('grade') || user.grade,
+          password : request.input('password') || user.password,
+          institution_id: request.input('institution_id') || user.institution_id,
+          course_id:  request.input('course_id') || user.course_id
+      }
+
+
+      if (user != null) {
+        await user.merge(newUser)
+        await user.save()
+        return response.json(user)
+      } else{
+        console.log('save user error');
+        return response.status(500).json('user not found')
+      }
+    } catch (e) {
+      return response.status(e.status).json({ message: e.message })
+    }
+  }
+
   async linkRoleUser ({ request, response }) {
     try {
       const { userId, roleId } = request.post()

src/adonisjs/app/Controllers/Http/v1/UserController.js

@@ -107,7 +107,7 @@ class UserController {
    */
   async update ({ params, request, response, auth }) {
     try {
-      const user = await User.find(params.id)
+      const user = await User.find(auth.user.id)
 
       const updatedUser = {
           username : request.input('username') || user.username,

src/adonisjs/app/Models/v1/User.js

@@ -83,7 +83,6 @@ class User extends Model {
          * A hook to hash the user password before saving
          * it to the database.
          */
-    this.addHook('beforeCreate', 'UserHook.hashPassword')
     this.addHook('beforeSave', 'UserHook.hashPassword')
 
   }

src/adonisjs/start/routes.js

@@ -26,7 +26,7 @@ Route.group(() => {
 
     Route.put(   'password',              'v1/UserController.updatePassword').middleware(['auth'])
     Route.get(   ':id',                   'v1/UserController.show').middleware(['auth'])
-    Route.put(   ':id',                   'v1/UserController.update').middleware(['auth'])
+    Route.put(   '',                   'v1/UserController.update').middleware(['auth'])
     Route.delete(':id',                   'v1/UserController.destroy').middleware(['auth'])
 }).prefix('/api/v1/user')
 
@@ -182,6 +182,9 @@ Route.group(() => {
 	Route.post(  'institution',       			'v1/InstitutionController.store')
 
 	Route.post(  'revoke_tokens',     			'v1/AdminController.revoke_tokens')
+
+  Route.put(  'user/:id',        'v1/AdminController.updateUser')
+
 }).prefix('/api/v1/admin').middleware(['auth', 'is:admin'])