1 files changed, 55 insertions, 0 deletions

diff --git a/src/server/ApiManagers/UserManager.ts b/src/server/ApiManagers/UserManager.ts
index f2ef22961..36d48e366 100644
--- a/src/server/ApiManagers/UserManager.ts
+++ b/src/server/ApiManagers/UserManager.ts
@@ -2,6 +2,8 @@ import ApiManager, { Registration } from "./ApiManager";
 import { Method } from "../RouteManager";
 import { Database } from "../database";
 import { msToTime } from "../ActionUtilities";
+import * as bcrypt from "bcrypt-nodejs";
+import { Opt } from "../../new_fields/Doc";
 
 export const timeMap: { [id: string]: number } = {};
 interface ActivityUnit {
@@ -37,6 +39,59 @@ export default class UserManager extends ApiManager {
         });
 
         register({
+            method: Method.POST,
+            subscription: '/internalResetPassword',
+            onValidation: async ({ user, req, res }) => {
+                const result: any = {};
+                const { curr_pass, new_pass, new_confirm } = req.body;
+                // perhaps should assert whether curr password is entered correctly
+                const validated = await new Promise<Opt<boolean>>(resolve => {
+                    bcrypt.compare(curr_pass, user.password, (err, passwords_match) => {
+                        if (err || !passwords_match) {
+                            result.error = [{ msg: "Incorrect current password" }];
+                            res.send(result);
+                            resolve(undefined);
+                        } else {
+                            resolve(passwords_match);
+                        }
+                    });
+                });
+
+                if (validated === undefined) {
+                    return;
+                }
+
+                req.assert("new_pass", "Password must be at least 4 characters long").len({ min: 4 });
+                req.assert("new_confirm", "Passwords do not match").equals(new_pass);
+                if (curr_pass === new_pass) {
+                    result.error = [{ msg: "Current and new password are the same" }];
+                }
+                // was there error in validating new passwords?
+                if (req.validationErrors()) {
+                    // was there error?
+                    result.error = req.validationErrors();
+                }
+
+                // will only change password if there are no errors.
+                if (!result.error) {
+                    user.password = new_pass;
+                    user.passwordResetToken = undefined;
+                    user.passwordResetExpires = undefined;
+                }
+
+                user.save(err => {
+                    if (err) {
+                        result.error = [{ msg: "Error while saving new password" }];
+                    }
+                });
+
+                res.send(result);
+            }
+        });
+
+
+
+        register({
             method: Method.GET,
             subscription: "/activity",
             secureHandler: ({ res }) => {