From 648f8a16cc150a5c38cf2e9e6f7942c427c82e67 Mon Sep 17 00:00:00 2001
From: Kayne Ruse <kayneruse@gmail.com>
Date: Sat, 27 Feb 2021 04:38:59 +1100
Subject: [PATCH] Added password changing

---
 README.md                           |  2 +-
 client/components/pages/account.jsx | 31 ++++++++++++++++++++++++-----
 package.json                        |  2 +-
 server/accounts/update.js           |  8 +++++++-
 4 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 5a674e5..bfb734c 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ There are external components to this template referred to as "microservices". T
 	- ~~login (with cookies)~~
 	- ~~logout (with cookies)~~
 	- ~~account deletion~~
-	- Change passwords
+	- ~~Change passwords~~
 - Administration Panel
 	- ~~Default admin account~~
 	- ~~Exclusive to admin accounts~~
diff --git a/client/components/pages/account.jsx b/client/components/pages/account.jsx
index f065635..0dac79f 100644
--- a/client/components/pages/account.jsx
+++ b/client/components/pages/account.jsx
@@ -13,7 +13,7 @@ const Account = props => {
 	}
 
 	//refs
-	let contactElement;
+	let contactElement, passwordElement, retypeElement;
 
 	//once before render
 	useEffect(() => {
@@ -31,11 +31,24 @@ const Account = props => {
 			<h1 className='centered'>Account</h1>
 			<form className='constricted' onSubmit={async evt => {
 				evt.preventDefault();
-				await update(contactElement.checked);
+				await update(contactElement.checked, passwordElement.value, retypeElement.value);
+				passwordElement.value = retypeElement.value = '';
 			}}>
 				<div>
-					<label htmlFor='contact'>Allow Promotional Emails:</label>
-					<input type='checkbox' name='contact' ref={e => contactElement = e} />
+					<div>
+						<label htmlFor='contact'>Allow Promotional Emails:</label>
+						<input type='checkbox' name='contact' ref={e => contactElement = e} />
+					</div>
+
+					<div>
+						<label htmlFor='password'>Change Password:</label> 
+						<input type='password' name='password' ref={e => passwordElement = e} />
+					</div>
+
+					<div>
+						<label htmlFor='retype'>Retype Password:</label> 
+						<input type='password' name='retype' ref={e => retypeElement = e} />
+					</div>
 				</div>
 
 				<button type='submit'>Update Information</button>
@@ -46,12 +59,20 @@ const Account = props => {
 	);
 };
 
-const update = async (contact) => {
+const update = async (contact, password, retype) => {
+	if (password != retype) {
+		alert('Passwords do not match');
+	}
+
 	//generate a new formdata payload
 	let formData = new FormData();
 
 	formData.append('contact', contact);
 
+	if (password) {
+		formData.append('password', password);
+	}
+
 	const result = await fetch('/api/accounts', { method: 'PATCH', body: formData });
 
 	if (result.ok) {
diff --git a/package.json b/package.json
index 24c0ac1..58d8970 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
   "main": "server/server.js",
   "scripts": {
     "configure": "node configure-script.js",
-	"clean": "rm docker-compose.yml; rm Dockerfile; rm startup.sql",
+    "clean": "rm docker-compose.yml; rm Dockerfile; rm startup.sql",
     "start": "npm run build && node server/server.js",
     "build": "npm run build:server && npm run build:client",
     "build:server": "exit 0",
diff --git a/server/accounts/update.js b/server/accounts/update.js
index 32035a9..6eedebb 100644
--- a/server/accounts/update.js
+++ b/server/accounts/update.js
@@ -1,3 +1,4 @@
+const bcrypt = require('bcryptjs');
 const { accounts } = require('../database/models');
 
 const route = async (req, res) => {
@@ -5,9 +6,14 @@ const route = async (req, res) => {
 		return res.status(500).send('missing account data');
 	}
 
+	//generate the password hash
+	const salt = await bcrypt.genSalt(11);
+	const hash = await bcrypt.hash(req.fields.password, salt);
+
 	//update the account
 	await accounts.update({
-		contact: req.fields.contact
+		contact: req.fields.contact,
+		hash: hash
 	}, {
 		where: {
 			id: req.session.account.id