feat: implement user password update functionality with validation #1887
+390
−35
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR implements user password update functionality with validation, adding new endpoints for users to update their own password and enabling administrators to update user passwords. Key changes include additions to the user service for password updates, controller endpoints for both user and admin password updates, and corresponding test cases and DTOs.
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| test/Users.js | Adds tests for changing password scenarios, including validations for incorrect passwords and auth strategy restrictions. |
| src/users/users.service.ts | Introduces a new updateUserPassword method to hash and update the password in the database. |
| src/users/users.service.spec.ts | Updates user settings mocks to include required properties for testing. |
| src/users/users.controller.ts | Adds endpoints for local users to change their own passwords and for admins to change user passwords with proper authorization. |
| src/users/dto/update-user-password.dto.ts | Defines the DTOs for user and admin password update requests. |
| src/datasets/datasets.controller.ts | Cleans up unused imports by removing deprecated type references. |
| src/common/types.ts | Adds password update response type for standardizing API responses. |
Comments suppressed due to low confidence (1)
src/users/users.controller.ts:291
- [nitpick] Consider revising the error message for clarity, for example: "Only local users' passwords can be changed by admin".
"Only local users passwords can be changed by admin",
nitrosx
reviewed
May 6, 2025
Junjiequan
force-pushed
the
SWAP-4672-scicat-be-create-new-endpoint-for-password-change
branch
from
6f47c69 to
e08fadc
Compare
Junjiequan
force-pushed
the
SWAP-4672-scicat-be-create-new-endpoint-for-password-change
branch
from
44d7be8 to
ca8171d
Compare
nitrosx
approved these changes
May 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Add endpoints for users to change their own password and for admins to change other users’ passwords, with input validation and auth-strategy checks.
Motivation
Users need a secure way to rotate their password; admins need to manage local-only accounts. Enforces that only “local” users can have their passwords updated.
Changes:
Tests included
Documentation
official documentation info