enhancement: Current password confirmation in change password (#2108)

* add current password field in change password form * locale changes * chore: update password API * chore: rubocop fixes * replace currentPassword with current_password * code cleanup * replace input with woot-input * code cleanup Co-authored-by: Sojan <sojan@pepalo.com>
2021-06-02 17:52:24 +05:30
parent 2c42e70637
commit b0b4d9d6f5
6 changed files with 201 additions and 84 deletions
--- a/app/controllers/api/v1/profiles_controller.rb
+++ b/app/controllers/api/v1/profiles_controller.rb
@@ -6,6 +6,12 @@ class Api::V1::ProfilesController < Api::BaseController
  end

  def update
+    if password_params[:password].present?
+      render_could_not_create_error('Invalid current password') and return unless @user.valid_password?(password_params[:current_password])
+
+      @user.update!(password_params.except(:current_password))
+    end
+
    @user.update!(profile_params)
  end

@@ -20,11 +26,17 @@ class Api::V1::ProfilesController < Api::BaseController
      :email,
      :name,
      :display_name,
-      :password,
-      :password_confirmation,
      :avatar,
      :availability,
      ui_settings: {}
    )
  end
+
+  def password_params
+    params.require(:profile).permit(
+      :current_password,
+      :password,
+      :password_confirmation
+    )
+  end
 end