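/**
 * Change the password of the account identified by `email`.
 *
 * The caller has to supply the current password, and the new password must
 * differ from it. The update itself is delegated to changeAdminPassword or
 * changeUserPassword depending on `user.isAdmin`.
 *
 * @param {string} email - address used to look the account up via getUser().
 * @param {string} oldPassword - current password, in the form decrypt() accepts.
 * @param {string} newPassword - replacement password, in the same form.
 * @throws {EmailPasswordMissMatchException} unknown account or wrong current password.
 * @throws {PasswordAlreadyInUseException} new password equals the current one.
 */
function changePassword(email, oldPassword, newPassword) {
  var user = getUser(email);

  // Reject an unknown account before user.password is read. The same
  // exception type is thrown as for a wrong password, so the two cases
  // are not distinguishable by exception type.
  if (user == null) {
    throw new EmailPasswordMissMatchException();
  }

  // NOTE(review): user.password is decrypted here, so stored passwords are
  // recoverable by whoever holds the key. A one-way salted password hash,
  // compared in constant time, would avoid keeping recoverable passwords.
  var oldPasswordDecrypted = decrypt(oldPassword);
  var newPasswordDecrypted = decrypt(newPassword);
  var existingPasswordDecrypted = decrypt(user.password);

  if (existingPasswordDecrypted !== oldPasswordDecrypted) {
    throw new EmailPasswordMissMatchException();
  }
  if (oldPasswordDecrypted === newPasswordDecrypted) {
    throw new PasswordAlreadyInUseException();
  }

  // Argument lists follow the callee declarations:
  // changeAdminPassword(user, oldPassword, newPassword) and
  // changeUserPassword(user, newPassword). Passing them the other way round
  // stores `undefined` for an admin and the old password for a regular user.
  if (user.isAdmin) {
    changeAdminPassword(user, oldPassword, newPassword);
  } else {
    changeUserPassword(user, newPassword);
  }
}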
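/**
 * Store a new password for a regular (non-admin) user and end the user's session.
 *
 * No credential check happens here; the caller is expected to have verified
 * the current password already.
 *
 * @param {object} user - account record; `isEnabled` is read, `password` is overwritten.
 * @param {string} newPassword - value assigned to `user.password` as given.
 * @throws {UnsupporedOperationException} when `user.isEnabled` is falsy.
 * @throws {SomethingWentWrongException} when saving or clearing the session
 *   fails; the underlying error is attached as `cause`.
 */
function changeUserPassword(user, newPassword) {
  if (!user.isEnabled) {
    throw new UnsupporedOperationException();
  }
  try {
    user.password = newPassword;
    save(user);
    // Clear the session when the password changes so that the user
    // has to log in again with the new credential.
    clearSession(user);
  } catch (e) {
    // Keep the original error reachable for logging and diagnosis instead
    // of discarding it behind the generic exception.
    var failure = new SomethingWentWrongException();
    failure.cause = e;
    throw failure;
  }
}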
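/**
 * Store a new password for an admin account, end the session, and send
 * confirmation emails once the change has succeeded.
 *
 * @param {object} user - admin account record; `password` is overwritten.
 * @param {string} oldPassword - not used by this function; kept so the
 *   signature stays compatible with existing callers.
 * @param {string} newPassword - value assigned to `user.password` as given.
 * @throws {SomethingWentWrongException} when saving or clearing the session
 *   fails; the underlying error is attached as `cause`.
 */
function changeAdminPassword(user, oldPassword, newPassword) {
  // NOTE(review): unlike changeUserPassword, no user.isEnabled check is made
  // here. Confirm that a disabled admin is meant to be able to do this.
  try {
    user.password = newPassword;
    save(user);
    // Clear the session when the password changes so that the admin
    // has to log in again with the new credential.
    clearSession(user);
  } catch (e) {
    // Keep the original error reachable for logging and diagnosis.
    var failure = new SomethingWentWrongException();
    failure.cause = e;
    throw failure;
  }

  // Only reached when the block above did not throw, which is what the
  // former isError flag and finally clause expressed.
  sendPasswordChangeConfirmationEmails(user);
}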
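/**
 * Notify every address on the account that its password was changed and
 * include a token that lets the owner undo the change.
 *
 * @param {object} user - account record; `getEmails()`, `email` and
 *   `password` are read.
 */
function sendPasswordChangeConfirmationEmails(user) {
  var emails = user.getEmails();
  // NOTE(review): the token is built from user.email and user.password and
  // the same token goes to every address. Confirm that
  // generatePasswordRevertToken does not expose password material and that
  // the token is single-use and expires.
  var token = generatePasswordRevertToken(user.email, user.password);
  // `i` is declared locally; the loop previously assigned an undeclared `i`.
  for (var i = 0; i < emails.length; i++) {
    // Confirm with the admin that they did in fact change the password;
    // if they did not, the token gives them the option to reset it.
    // The address is read from `emails`, the list fetched above.
    sendConfirmationEmail(emails[i], token);
  }
}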