Server: Fixed password hashing when changing password

packages/server/src/routes/index/users.test.ts

@@ -128,12 +128,17 @@ describe('index_users', function() {
 		await patchUser(session.id, { id: user.id, email: 'test2@example.com' });
 		const modUser: User = await userModel.load(user.id);
 		expect(modUser.email).toBe('test2@example.com');
+	});
 
-		// const previousPassword = modUser.password;
-		// await patchUser(session.id, { id: user.id, password: 'abcdefgh', password2: 'abcdefgh' });
-		// modUser = await userModel.load(user.id);
-		// expect(!!modUser.password).toBe(true);
-		// expect(modUser.password === previousPassword).toBe(false);
+	test('should change the password', async function() {
+		const { user, session } = await createUserAndSession(1, true);
+
+		const userModel = models().user({ userId: user.id });
+
+		await patchUser(session.id, { id: user.id, password: 'abcdefgh', password2: 'abcdefgh' });
+		const modUser = await userModel.login('user1@localhost', 'abcdefgh');
+		expect(!!modUser).toBe(true);
+		expect(modUser.id).toBe(user.id);
 	});
 
 	test('should get a user', async function() {

packages/server/src/routes/index/users.ts

@@ -7,6 +7,7 @@ import { User } from '../../db';
 import config from '../../config';
 import { View } from '../../services/MustacheService';
 import defaultView from '../../utils/defaultView';
+import { hashPassword } from '../../utils/auth';
 
 function makeUser(isNew: boolean, fields: any): User {
 	const user: User = {};
@@ -16,7 +17,7 @@ function makeUser(isNew: boolean, fields: any): User {
 
 	if (fields.password) {
 		if (fields.password !== fields.password2) throw new ErrorUnprocessableEntity('Passwords do not match');
-		user.password = fields.password;
+		user.password = hashPassword(fields.password);
 	}
 
 	if (!isNew) user.id = fields.id;