Add `userEdit` and `userPasswordEdit` mutations

2 files changed, 148 insertions, 0 deletions

diff --git a/src/graphql/mutation.rs b/src/graphql/mutation.rs
index 0eb4c0b..12a741c 100644
--- a/src/graphql/mutation.rs
+++ b/src/graphql/mutation.rs
@@ -41,6 +41,7 @@ impl Mutation {
     /// ```text
     /// curl -X POST http://localhost:8000/graphql \
     /// -H "Content-Type: application/json" \
+    /// -H "Authorization: Bearer ***" \
     /// -d '{
     ///   "query": "mutation RegisterDevice($input: RegisterNotificationToken!) { registerDevice(input: $input) { id name email } }",
     ///   "variables": {
@@ -58,6 +59,60 @@ impl Mutation {
         user::mutations::register_device(ctx, input).await
     }
 
+    /// Make GraphQL call to edit their passowrd.
+    ///
+    /// Example:
+    /// ```text
+    /// curl -X POST http://localhost:8000/graphql \
+    /// -H "Content-Type: application/json" \
+    /// -H "Authorization: Bearer ***" \
+    /// -d '{
+    ///   "query": "mutation UserPasswordEdit($input: UserPasswordEdit!) { userPasswordEdit(input: $input) { id email name address is_admin } }",
+    ///   "variables": {
+    ///     "input": {
+    ///       "password1": "***",
+    ///       "password2": "***"
+    ///     }
+    ///   }
+    /// }'
+    /// ```
+    async fn user_password_edit<'ctx>(
+        &self,
+        ctx: &Context<'ctx>,
+        input: user::UserPasswordEdit,
+    ) -> FieldResult<user::User> {
+        user::mutations::user_password_edit(ctx, input).await
+    }
+
+    /// Make GraphQL call to edit an user. Not admins can edit only the user linked to the access
+    /// token used.
+    ///
+    /// Example:
+    /// ```text
+    /// curl -X POST http://localhost:8000/graphql \
+    /// -H "Content-Type: application/json" \
+    /// -H "Authorization: Bearer ***" \
+    /// -d '{
+    ///   "query": "mutation UserEdit($input: UserEdit!, $id: Int!) { userEdit(input: $input, id: $id) { id email name address is_admin } }",
+    ///   "variables": {
+    ///     "input": {
+    ///       "email": "mario.rossi@example.com",
+    ///       "name": "Mario Rossi",
+    ///       "address": ""
+    ///     },
+    ///     "id": 42
+    ///   }
+    /// }'
+    /// ```
+    async fn user_edit<'ctx>(
+        &self,
+        ctx: &Context<'ctx>,
+        input: user::UserEdit,
+        id: i32,
+    ) -> FieldResult<user::User> {
+        user::mutations::user_edit(ctx, input, id).await
+    }
+
     /// Make GraphQL request to create new position to track
     ///
     /// Example:
diff --git a/src/graphql/types/user.rs b/src/graphql/types/user.rs
index 0e287ea..44cc87c 100644
--- a/src/graphql/types/user.rs
+++ b/src/graphql/types/user.rs
@@ -53,6 +53,19 @@ pub struct RegisterNotificationToken {
     pub token: String,
 }
 
+#[derive(InputObject, Debug)]
+pub struct UserEdit {
+    pub email: String,
+    pub name: Option<String>,
+    pub address: Option<String>,
+}
+
+#[derive(InputObject, Debug)]
+pub struct UserPasswordEdit {
+    pub password1: String,
+    pub password2: String,
+}
+
 /// Find an user with id = `id` using the PostgreSQL `client`
 pub async fn find_user(client: &Client, id: i32) -> Result<User, AppError> {
     let rows = client
@@ -224,4 +237,84 @@ pub mod mutations {
             }
         }
     }
+
+    /// Edit user info
+    pub async fn user_edit<'ctx>(
+        ctx: &Context<'ctx>,
+        input: UserEdit,
+        id: i32,
+    ) -> FieldResult<User> {
+        let state = ctx.data::<AppState>().expect("Can't connect to db");
+        let client = &*state.client;
+
+        let auth: &Authentication = ctx.data().unwrap();
+        match auth {
+            Authentication::NotLogged => Err(Error::new("Can't find the owner")),
+            Authentication::Logged(claims) => {
+                let user = find_user(client, claims.user_id)
+                    .await
+                    .expect("should not be here");
+
+                if find_user(client, id).await.is_err() {
+                    return Err(Error::new("User not found"));
+                }
+
+                if !(user.is_admin || user.id == id) {
+                    return Err(Error::new("Not found"));
+                }
+
+                client
+                    .query(
+                        "UPDATE users SET email = $1, name = $2, address = $3 WHERE id = $4",
+                        &[&input.email, &input.name, &input.address, &id],
+                    )
+                    .await
+                    .unwrap();
+
+                let user = find_user(client, claims.user_id)
+                    .await
+                    .expect("Should not be here");
+
+                Ok(user)
+            }
+        }
+    }
+
+    /// Edit user password
+    pub async fn user_password_edit<'ctx>(
+        ctx: &Context<'ctx>,
+        input: UserPasswordEdit,
+    ) -> FieldResult<User> {
+        let state = ctx.data::<AppState>().expect("Can't connect to db");
+        let client = &*state.client;
+
+        let auth: &Authentication = ctx.data().unwrap();
+        match auth {
+            Authentication::NotLogged => Err(Error::new("Can't find the owner")),
+            Authentication::Logged(claims) => {
+                let user = find_user(client, claims.user_id)
+                    .await
+                    .expect("should not be here");
+
+                if input.password1 != input.password2 {
+                    return Err(Error::new("`password1` and `password2` must be equals"));
+                }
+
+                if input.password1.len() < 8 {
+                    return Err(Error::new("`password1` length must be >= 8"));
+                }
+
+                let password = sha256::digest(input.password1);
+                client
+                    .query(
+                        "UPDATE users SET password = $1 WHERE id = $2",
+                        &[&password, &user.id],
+                    )
+                    .await
+                    .unwrap();
+
+                Ok(user)
+            }
+        }
+    }
 }