✨ Add endpoint for password details

staart · Aug 28, 2020 · 161b264 · 161b264
1 parent 9558c36
commit 161b264
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/src/_staart/rest/user.ts b/src/_staart/rest/user.ts
@@ -199,6 +199,22 @@ export const getMembershipsForUser = async (
   throw new Error(INSUFFICIENT_PERMISSION);
 };
 
+export const getPasswordForUser = async (
+  tokenUserId: number,
+  dataUserId: number
+) => {
+  if (
+    await can(tokenUserId, UserScopes.READ_USER_MEMBERSHIPS, "user", dataUserId)
+  ) {
+    const user = await prisma.users.findOne({
+      where: { id: dataUserId },
+    });
+    if (!user) throw new Error(USER_NOT_FOUND);
+    return { hasPassword: !!user.password };
+  }
+  throw new Error(INSUFFICIENT_PERMISSION);
+};
+
 export const getAllDataForUser = async (
   tokenUserId: number,
   userId: number

diff --git a/src/controllers/users/_id/security.ts b/src/controllers/users/_id/security.ts
@@ -19,6 +19,7 @@ import {
   regenerateBackupCodesForUser,
   updatePasswordForUser,
   verify2FAForUser,
+  getPasswordForUser,
 } from "../../../_staart/rest/user";
 
 @ClassMiddleware(authHandler)
@@ -53,6 +54,13 @@ export class UserSecurityController {
     return respond(RESOURCE_UPDATED);
   }
 
+  @Get("password")
+  async getPassword(req: Request, res: Response) {
+    const id = twtToId(req.params.id, res.locals.token.id);
+    joiValidate({ id: Joi.number().required() }, { id });
+    return getPasswordForUser(res.locals.token.id, id);
+  }
+
   @Get("data")
   async getUserData(req: Request, res: Response) {
     const id = twtToId(req.params.id, res.locals.token.id);