Feature/72/update user password

[Kimoo193]

PR Checklist (required)

Please check if your PR fulfills the following requirements:

• The commit message follows our guidelines.

• Tests for the changes have been added (for bug fixes / features)

PR Type

What kind of change does this PR introduce?

• Bugfix
• Feature
• Code style update (formatting, local variables)
• Refactoring (no functional changes, no api changes)
• Build related changes
• CI related changes
• Documentation changes
• Other... Please describe:

Related Issue

Closes #

[Copilot]

Copilot reviewed 5 out of 6 changed files in this pull request and generated no comments.

Files not reviewed (1)

• src/docs/swagger.json: Language not supported

Comments suppressed due to low confidence (2)

src/middlewares/verifyUserPermission.middleware.js:2

• The additional email-based permission check (req.user.email === req.params.email) may unintentionally grant access since the route does not provide an 'email' parameter. Please verify if this condition is necessary.

if (req.params.id === req.user.id || req.user.role === 'ADMIN' || req.user.email === req.params.email) {

src/validations/user.validation.js:45

• Consider passing { abortEarly: false } to schema.validate for consistency with other validations and to capture all errors in one go.

return schema.validate(obj);

[Kimoo193]

This pull request introduces several changes to the user management functionality, including updates to user routes, controllers, validations, and documentation. The most significant changes are the addition of a new endpoint for updating user passwords and improvements to the validation and permission checks.

New Features:

• Added a new endpoint for updating user passwords: PUT /api/users/update-password/:id in src/controllers/user.controller.js and src/routes/user.routes.js. [1] [2]

Validation Enhancements:

• Updated validation to include password update validation and allowed unknown fields in user account validation in src/validations/user.validation.js.

Documentation Updates:

• Updated README.md to reflect changes in user routes and added documentation for the new password update endpoint in src/docs/swagger.json. [1] [2] [3]

Permission Checks:

• Enhanced the verifyUserPermission middleware to allow email-based permission checks in src/middlewares/verifyUserPermission.middleware.js.

Utility Functions:

• Imported password utility functions (comparePassword, hashPassword) in src/controllers/user.controller.js to handle password comparisons and hashing.