Fix Joi validation not accepting updates

4 years ago · 8413f489e7
3 changed files with 39 additions and 40 deletions
--- a/server/routes/athletes.js
+++ b/server/routes/athletes.js
@ -19,35 +19,28 @@ router.get('/api/athletes/:id',
    celebrate(guid),
    async (req, res) => {
        const athlete = await Athlete.findById(req.params.id);
-        res.send(athlete)
+        res.send(athlete);
    });
 router.get('/api/athletes/:id/edit',
    requireAuth,
    celebrate(guid),
    async (req, res) => {
        const athlete = await Athlete.findById(req.params.id)
        res.send(athlete)
    });
 router.put('/api/athletes/:id',
    requireAuth,
    celebrate(athleteUpdateSchema, guid),
    async (req, res) => {
-        const {name, _trainer} = req.body
+        const {name, _trainer} = req.body;
-        await Athlete.findByIdAndUpdate(req.params.id, {name, _trainer}, {}, (err, athlete) => {
+
        await Athlete.findByIdAndUpdate(req.params.id, {name, _trainer}, {new: true}, (err, athlete) => {
            if (err)
                return res.status(400).json({errors: 'Something went wrong!'});
-            res.send(athlete)
+            res.send(athlete);
-        })
+        });
    });
 router.delete('/api/athlete/:id',
    requireAuth,
    celebrate(guid),
    async (req, res) => {
-        await Athlete.findByIdAndDelete(req.params.id)
+        await Athlete.findByIdAndDelete(req.params.id);
    });
 module.exports = router;
--- a/server/routes/user.js
+++ b/server/routes/user.js
@ -14,23 +14,30 @@ router.put('/api/user/:id',
    async (req, res) => {
        const {username, email, password, newPassword} = req.body
-        if (password && newPassword) {
+        bcrypt.compare(password, req.user.password, async (err, isMatch) => {
            bcrypt.compare(password, req.user.password, async (err, isMatch) => {
                if (err)
-                    return res.status(400).json({errors: 'Current password is wrong!'});
+                    return res.status(400).json({errors: 'Password is wrong!'});
                if (isMatch) {
-                    const user = {username, email, newPassword}
+                    if (newPassword) {
-                    await User.findByIdAndUpdate(req.params.id, user)
+                        await User.findByIdAndUpdate(req.params.id, {
                            username,
                            email,
                            newPassword
                        }, {new: true}, (err, user) => {
                            req.user = user;
                        });
                    } else {
                        await User.findByIdAndUpdate(req.params.id, {
                            username,
                            email
                        }, {new: true}, (err, user) => {
                            req.user = user;
                        });
                    }
                    res.send(req.user);
                }
-            });
+            }
-        } else if (username || email) {
+        );
            const user = {username, email}
            await User.findByIdAndUpdate(req.params.id, user)
            res.send(req.user);
        }
    });
 module.exports = router;
--- a/server/schemas/joi.js
+++ b/server/schemas/joi.js
@ -4,7 +4,7 @@ const guid = {
    params: {
        userId: Joi.string().guid().required()
    }
-}
+};
 const userAuthSchema = {
    body: {
@ -14,18 +14,17 @@ const userAuthSchema = {
 };
 const userUpdateSchema = {
-        body: {
+    body: {
-            _id: Joi.string().required(),
+        _id: Joi.string().required(),
-            username: Joi.string().required(),
+        username: Joi.string().required(),
-            __v: Joi.number().integer(),
+        registered: Joi.string().required(),
-            email: Joi.string().email(),
+        lastLogin: Joi.string().required(),
-            registered: Joi.string(),
+        __v: Joi.number().integer().required(),
-            lastLogin: Joi.string(),
+        email: Joi.string().email().required(),
-            password: Joi.string().alphanum().allow(''),
+        password: Joi.string().alphanum().required(),
-            newPassword: Joi.string().alphanum().allow(''),
+        newPassword: Joi.string().alphanum().optional(),
        }
    }
-;
+};
 const athleteUpdateSchema = {
    body: {
@ -36,6 +35,6 @@ const athleteUpdateSchema = {
        __v: Joi.number().integer(),
        _trainer: Joi.string().allow('').default(''),
    }
-}
+};
 module.exports = {guid, userAuthSchema, userUpdateSchema, athleteUpdateSchema}