Skip to content

Commit

Permalink
Rewrite api.user.update to allow for saving of passwords
Browse files Browse the repository at this point in the history 
See Automattic/mongoose#964
  • Loading branch information
@creynders
creynders committed Aug 13, 2014
1 parent b1d862f commit 643aa3a
Showing 1 changed file with 21 additions and 5 deletions.
26 changes: 21 additions & 5 deletions routes/api/users/controller.js
View file
@@ -1,4 +1,5 @@
'use strict';
var _ = require( 'underscore' )
var keystone = require( 'keystone' ),
async = require( 'async' );
var errors = require( 'errors' );
Expand Down Expand Up @@ -45,15 +46,30 @@ module.exports.update = function( req,
res,
next ){
debug( 'update' );
User.findByIdAndUpdate( res.locals.user.id, req.body ).exec( function( err,
user ){
//don't use findByIdAndUpdate, since the schema pre save handler isn't called
//i.e. passwords would be saved in plain text!!
User.findById( res.locals.user.id ).exec( function( err,
user ){
if( err ){
return next( err );
}
if( !user ){
return res.apiError( new errors.Http404Error() );
}

user.getUpdateHandler( req, res ).process( req.body, {
fields : _.keys( _.pick(req.body, 'name', 'email', 'password' ) ),
flashErrors : false
}, function( err,
processor ){
if( err ){
return next( err );
}
var user = processor.item;
if( !user ){
return res.apiError( new errors.Http404Error() );
return res.apiError( new errors.Http500Error() );
}
return res.apiResponse( user );
}
);
} );
} );
};

0 comments on commit 643aa3a

Please sign in to comment.