Fix Joi validation not accepting updates

4 years ago · 8413f489e7
3 changed files with 39 additions and 40 deletions
--- a/server/routes/athletes.js
+++ b/server/routes/athletes.js
@ -19,35 +19,28 @@ router.get('/api/athletes/:id',
    celebrate(guid),
    async (req, res) => {
        const athlete = await Athlete.findById(req.params.id);
-        res.send(athlete)
-    });
-
-router.get('/api/athletes/:id/edit',
-    requireAuth,
-    celebrate(guid),
-    async (req, res) => {
-        const athlete = await Athlete.findById(req.params.id)
-        res.send(athlete)
+        res.send(athlete);
    });

 router.put('/api/athletes/:id',
    requireAuth,
    celebrate(athleteUpdateSchema, guid),
    async (req, res) => {
-        const {name, _trainer} = req.body
-        await Athlete.findByIdAndUpdate(req.params.id, {name, _trainer}, {}, (err, athlete) => {
+        const {name, _trainer} = req.body;
+
+        await Athlete.findByIdAndUpdate(req.params.id, {name, _trainer}, {new: true}, (err, athlete) => {
            if (err)
                return res.status(400).json({errors: 'Something went wrong!'});

-            res.send(athlete)
-        })
+            res.send(athlete);
+        });
    });

 router.delete('/api/athlete/:id',
    requireAuth,
    celebrate(guid),
    async (req, res) => {
-        await Athlete.findByIdAndDelete(req.params.id)
+        await Athlete.findByIdAndDelete(req.params.id);
    });

 module.exports = router;
--- a/server/routes/user.js
+++ b/server/routes/user.js
@ -14,23 +14,30 @@ router.put('/api/user/:id',
    async (req, res) => {
        const {username, email, password, newPassword} = req.body

-        if (password && newPassword) {
-            bcrypt.compare(password, req.user.password, async (err, isMatch) => {
+        bcrypt.compare(password, req.user.password, async (err, isMatch) => {
                if (err)
-                    return res.status(400).json({errors: 'Current password is wrong!'});
-
+                    return res.status(400).json({errors: 'Password is wrong!'});
                if (isMatch) {
-                    const user = {username, email, newPassword}
-                    await User.findByIdAndUpdate(req.params.id, user)
+                    if (newPassword) {
+                        await User.findByIdAndUpdate(req.params.id, {
+                            username,
+                            email,
+                            newPassword
+                        }, {new: true}, (err, user) => {
+                            req.user = user;
+                        });
+                    } else {
+                        await User.findByIdAndUpdate(req.params.id, {
+                            username,
+                            email
+                        }, {new: true}, (err, user) => {
+                            req.user = user;
+                        });
+                    }
                    res.send(req.user);
                }
-            });
-        } else if (username || email) {
-            const user = {username, email}
-            await User.findByIdAndUpdate(req.params.id, user)
-            res.send(req.user);
-        }
-
+            }
+        );
    });

 module.exports = router;
--- a/server/schemas/joi.js
+++ b/server/schemas/joi.js
@ -4,7 +4,7 @@ const guid = {
    params: {
        userId: Joi.string().guid().required()
    }
-}
+};

 const userAuthSchema = {
    body: {
@ -14,18 +14,17 @@ const userAuthSchema = {
 };

 const userUpdateSchema = {
-        body: {
-            _id: Joi.string().required(),
-            username: Joi.string().required(),
-            __v: Joi.number().integer(),
-            email: Joi.string().email(),
-            registered: Joi.string(),
-            lastLogin: Joi.string(),
-            password: Joi.string().alphanum().allow(''),
-            newPassword: Joi.string().alphanum().allow(''),
-        }
+    body: {
+        _id: Joi.string().required(),
+        username: Joi.string().required(),
+        registered: Joi.string().required(),
+        lastLogin: Joi.string().required(),
+        __v: Joi.number().integer().required(),
+        email: Joi.string().email().required(),
+        password: Joi.string().alphanum().required(),
+        newPassword: Joi.string().alphanum().optional(),
    }
-;
+};

 const athleteUpdateSchema = {
    body: {
@ -36,6 +35,6 @@ const athleteUpdateSchema = {
        __v: Joi.number().integer(),
        _trainer: Joi.string().allow('').default(''),
    }
-}
+};

 module.exports = {guid, userAuthSchema, userUpdateSchema, athleteUpdateSchema}