WEBVTT

00:03.940 --> 00:05.410
Hey, did everyone they share?

00:05.410 --> 00:10.780
And in this video and some of the other videos that we'll be doing, just the two main routes for the

00:10.780 --> 00:12.360
user itself are remaining.

00:12.370 --> 00:16.090
The first one is password update and the second one is slash user slash update.

00:16.090 --> 00:21.130
Or we're going to call this one slash user dashboard slash update to keep it consistent.

00:21.400 --> 00:23.860
Just like there, let me just go ahead and add this one.

00:23.860 --> 00:30.790
So this one is going to be saying slash user dashboard.

00:31.270 --> 00:36.160
And inside the user dashboard, he will have the slash update to have the update.

00:36.170 --> 00:36.970
Sounds good.

00:37.270 --> 00:37.470
Okay.

00:37.570 --> 00:41.110
So why first and foremost, why we are having two of these two routes?

00:41.110 --> 00:44.410
The reason for them is because they are going to be working to a different lane.

00:44.410 --> 00:49.780
When we want to just update the password itself, then the user at this time should be aware of their

00:49.780 --> 00:50.590
previous password.

00:50.590 --> 00:56.350
So they will send me the previous or the old password and then also they will send me either the password

00:56.350 --> 01:00.910
itself, the new password, and probably in some cases new password and confirm new password.

01:00.910 --> 01:04.900
We won't be going with the three fields, we'll be going with just the two fields because we have already

01:04.900 --> 01:08.170
seen in the past that how we can check the password and confirm password.

01:08.170 --> 01:09.610
So we won't be repeating that.

01:09.820 --> 01:15.640
So when we actually update the password itself, all we got to do is bring up the user check and verify

01:15.640 --> 01:17.710
whether the previous password matches or not.

01:17.710 --> 01:20.620
If it matches, just update one field and that's it.

01:20.620 --> 01:23.370
That's all what we do and save the user itself.

01:23.380 --> 01:28.450
Now in the case of when we are updating the entirety of the user, his name, email, maybe photo as

01:28.450 --> 01:30.610
well, then there's a collection of information.

01:30.610 --> 01:34.510
So we don't want to just manually go and add these fields into the user itself.

01:34.540 --> 01:39.880
Rather, we would prefer to use a mongoose method which is find by ID and update, which takes the entire

01:39.880 --> 01:42.250
object and just updates all of the information.

01:42.250 --> 01:46.330
But again, can we do that by injecting one information at the time and saving the user?

01:46.330 --> 01:48.970
And then of course, 100% we can do that.

01:48.970 --> 01:52.750
So in this video, let's focus on the route, which is password slash update.

01:52.750 --> 01:56.980
And by the way, I wanted to give you a small update that, yes, whenever I'm getting some time in

01:56.980 --> 02:01.030
recording and editing these videos, I'm actually updating this swagger UI as well.

02:01.030 --> 02:02.680
So it's much more easier for all of you.

02:02.680 --> 02:06.070
So I have added the dummy out a whole lot of user routes as well.

02:06.070 --> 02:12.310
So I have got this signup, login, logout, forgot password, slash password slash reset slash token,

02:12.310 --> 02:13.240
user dashboard.

02:13.240 --> 02:18.100
So all these are perfectly good and they are working as well, at least as of now.

02:18.100 --> 02:23.350
And again, these are not really compulsory to have at it, but I thought, hey, let's go ahead, I'm

02:23.350 --> 02:27.040
having some free time, so let's go ahead and update that so further down the road.

02:27.040 --> 02:29.470
Let's go ahead and bring up this one up here.

02:29.470 --> 02:32.890
So let's copy and paste this one and minimize this one.

02:32.890 --> 02:38.050
And let's go ahead and get a new controller for ourself, of course, in the user controller.

02:38.260 --> 02:42.190
So this one is going to be this time we are changing the password.

02:42.190 --> 02:45.220
So let's go ahead and say change password.

02:45.220 --> 02:47.710
Now, previously we were resetting the password.

02:47.710 --> 02:49.510
This time it is a change password.

02:49.510 --> 02:54.580
Reset the password when you don't know the old password, change password when you know the old password.

02:54.580 --> 02:57.430
So you need to send this data to me in the back end.

02:57.430 --> 02:58.180
Let's go ahead.

02:58.180 --> 03:02.710
And by the way, also have added all these comments almost everywhere so that it's easier for you to

03:02.710 --> 03:07.780
understand, although the code is very fairly self understandable, but still have added these comments.

03:07.870 --> 03:11.350
So first and foremost, what we want to do is get the ID.

03:11.350 --> 03:14.230
So we're going to go ahead and call this one as simply user ID.

03:14.260 --> 03:16.030
Let me hold that into a variable.

03:16.030 --> 03:25.030
So const user ID, that will be coming from request dot user ID. Why request dot user ID? Because this

03:25.030 --> 03:27.310
route will be accessible only when you are logged in.

03:27.340 --> 03:32.350
If you are logged in, my middleware should be running and it should inject a new property which is

03:32.350 --> 03:36.760
user, request dot user, and I'm extracting the ID from there.

03:37.360 --> 03:39.730
Let's go ahead and find a user based on this one.

03:39.730 --> 03:46.600
So we're going to go ahead and say, hey, user, just go ahead and find me a user by the ID and here

03:46.600 --> 03:50.140
we're going to go ahead and pass on not like that, like this.

03:50.140 --> 03:54.460
And I'm going to go ahead and say, Hey, just find me a user with the user

03:54.460 --> 03:59.950
ID. Also make sure you go ahead and simply say select, because without selecting, the password will not

03:59.950 --> 04:01.210
get auto selected.

04:01.300 --> 04:04.600
So we're going to say just plus password.

04:05.050 --> 04:06.910
Okay, let's hold this into a variable.

04:06.910 --> 04:08.830
So we're going to call this one as simply user.

04:08.830 --> 04:13.840
And since database is always on another continent, we're going to go ahead and await that.

04:14.080 --> 04:14.410
Okay.

04:14.410 --> 04:18.940
Now let's go ahead and check whether the password or the old password matches or not.

04:18.940 --> 04:23.980
So user will be sending me two properties at least, the old password and the new password.

04:23.980 --> 04:26.230
You might also want to have a new confirm password.

04:26.230 --> 04:28.540
In that case, you have to check both the fields are equal.

04:28.540 --> 04:30.100
You know what I'm trying to say?

04:30.130 --> 04:33.190
We will just accept two fields, old password and new password.

04:33.370 --> 04:39.580
Now, for the old password, I can go ahead and use Mongoose the model of it and I can simply go ahead

04:39.580 --> 04:40.870
and say is validated

04:40.870 --> 04:41.320
password.

04:41.320 --> 04:46.540
This will help me to say that whether the password you are sending me matches or not.

04:46.540 --> 04:47.920
So let's go ahead and do that.

04:47.920 --> 04:52.450
So we're going to go ahead and say is correct

04:53.290 --> 04:55.120
old password.

04:55.120 --> 04:57.460
I know this is too long, but I'm running out of the name.

04:57.460 --> 05:01.810
So if that is true and we will get the result of it by first calling the

05:01.880 --> 05:02.420
user.

05:02.450 --> 05:04.190
Remember the small case user.

05:04.220 --> 05:09.730
It has this method which is is validate password, which requires you to pass on the old password.

05:09.740 --> 05:15.260
So we're going to say request dot body dot old password.

05:15.260 --> 05:20.060
So whatever the old password you are sending me, you can just go ahead and just pass it on that.

05:20.630 --> 05:24.890
Now, based on this, it will either give me a true result or a false result.

05:24.890 --> 05:26.780
Let's just say password doesn't match.

05:26.780 --> 05:34.940
In that case, I'm going to go ahead and say if is a correct, I can actually copy this.

05:35.600 --> 05:37.490
Actually, I should be lowering this down.

05:37.490 --> 05:39.890
So this is usually what I prefer.

05:39.890 --> 05:43.670
So I'm going to go ahead and copy this and we'll change this one here.

05:43.820 --> 05:48.050
So if this is false, that means you haven't supplied me a correct password.

05:48.050 --> 05:49.820
So I'm going to go ahead and say return.

05:49.820 --> 05:52.580
Let's go ahead and wrap it up in the next new.

05:52.820 --> 05:56.390
And we'll be saying simply error, custom error, actually.

05:58.650 --> 06:08.040
Custom error and will be sending up simply that, hey, old password is incorrect and we're going to

06:08.040 --> 06:12.300
go ahead and pass on an error as well, which is going to be 400. Okay.

06:12.360 --> 06:14.580
So it looks nice at least as of now.

06:14.760 --> 06:15.270
Okay.

06:15.270 --> 06:17.700
What about if the old password is correct?

06:17.700 --> 06:22.560
In that case, I want to simply go ahead and update it with whatever the new password you are sending

06:22.560 --> 06:22.980
me.

06:22.980 --> 06:25.140
So I'll select user password.

06:25.170 --> 06:30.060
Of course it has a field of password that will be updated by whatever you are sending me in the body,

06:30.060 --> 06:34.980
which is going to be, you can call it as new password, or you can simply go ahead and call this one

06:34.980 --> 06:37.590
as password, whatever you are sending me from the body.

06:37.590 --> 06:41.010
This information, of course, needs to be conveyed to the front end user as well.

06:41.220 --> 06:44.640
Then we're going to go ahead and simply say user dot save.

06:44.640 --> 06:49.890
And since database is always on another continent, we are going to go ahead and say, hey, wait,

06:50.040 --> 06:53.400
wait, that thing, once this is all done, we can go ahead.

06:53.400 --> 06:59.100
And since this information has been changed, it is kind of unnecessary that you simply go ahead and

06:59.100 --> 06:59.910
update the token.

06:59.910 --> 07:04.140
So in that case, we are going to go ahead and call this method cookie token, which is going to update

07:04.140 --> 07:08.850
that. It requires a user to be passed on so that ID can be extracted from it.

07:08.850 --> 07:13.470
And it also needs a response so that it can send a response on its own and update the cookie.

07:13.620 --> 07:15.030
So that's it.

07:15.030 --> 07:18.840
That's pretty much it, I guess, and it will be able to send all of that.

07:20.250 --> 07:24.270
So this is all what we have to do in change password.

07:24.300 --> 07:28.410
We need to check this one as well that are we able to properly use that.

07:28.410 --> 07:31.320
So let's go ahead and verify that on to the Postman.

07:31.320 --> 07:32.280
So it's been a while.

07:32.280 --> 07:35.630
Let's go ahead and try to log in and let's go ahead and change this up.

07:35.640 --> 07:38.970
Of course, we haven't actually created any route for this one.

07:38.970 --> 07:41.370
So let's go ahead, copy, change password.

07:41.670 --> 07:46.770
Let's go into the routes and let's bring in the route change password.

07:47.340 --> 07:48.870
And there we go.

07:49.350 --> 07:52.530
The route is going to be what is the route?

07:53.640 --> 07:56.850
Let's go ahead and check this one here.

07:56.940 --> 07:59.820
And this is slash password, slash update.

08:01.350 --> 08:06.930
So we're going to go ahead and say slash password, slash update.

08:07.740 --> 08:09.740
And of course, it needs to be logged in.

08:09.750 --> 08:13.800
This one is going to be post because you are sending me the information and the method that's going

08:13.800 --> 08:15.570
to run is the change password.

08:16.380 --> 08:22.230
So now anybody who visits this slash password slash update should be able to send me the old password

08:22.230 --> 08:24.660
and a new password, of course, after logging in.

08:24.960 --> 08:26.850
So let's go ahead and log in.

08:26.850 --> 08:30.960
So we're going to say that we want to change now this one, one, two, two, three, three, to, back, one,

08:30.960 --> 08:32.310
two, three, four, five, six.

08:32.340 --> 08:34.020
Let's go ahead and send this one.

08:34.350 --> 08:36.360
So hopefully this has updated the cookie.

08:36.360 --> 08:38.760
And by the way, this updates the cookie everywhere.

08:38.760 --> 08:41.550
So wherever you are going to see these cookies, they are actually updated.

08:41.580 --> 08:47.220
I don't know why this is not reflecting it, but if you're going to try to access the user dashboard,

08:47.580 --> 08:51.090
notice here the cookies are there and you are able to receive the data itself.

08:51.090 --> 08:53.310
So let me in the body you are receiving the data.

08:53.310 --> 08:56.640
So these cookies are updated in the entirety of the environment.

08:56.730 --> 09:05.400
Let me go ahead and have another save as and this is going to be password update.

09:06.820 --> 09:07.900
See that.

09:08.200 --> 09:10.930
And this one is going to be a post route.

09:10.930 --> 09:12.550
And the route is going to be.

09:13.770 --> 09:17.250
Now it is going to be slash password, slash update.

09:17.280 --> 09:18.300
Copy that.

09:18.630 --> 09:19.710
Move back.

09:19.740 --> 09:20.430
Remove this.

09:20.430 --> 09:22.890
And it looks like we have two slashes.

09:24.510 --> 09:26.970
It's so tiny, sometimes it's difficult to see.

09:27.000 --> 09:29.600
So slash, slash password, slash update.

09:29.610 --> 09:34.740
And what we should be getting up here, we are already having this cookie, so we don't need to worry

09:34.740 --> 09:37.110
on that part in the body itself.

09:37.110 --> 09:39.030
I need to pass on two values.

09:39.030 --> 09:43.080
So this one is going to be old password.

09:44.440 --> 09:49.120
And did I capitalize it while writing the controller?

09:49.150 --> 09:51.940
These are the important thing that needs to be conveyed there.

09:52.420 --> 09:54.430
So I'm saying old.

09:55.180 --> 09:58.360
Where is the old password, request or old password?

09:58.360 --> 09:59.860
So P is capitalized here.

09:59.890 --> 10:01.730
This is very important in this case.

10:01.750 --> 10:07.450
So if you are saying old password and this one is just password, so old password, let's go ahead and

10:07.450 --> 10:08.650
change this one.

10:08.980 --> 10:10.660
So one, one, two, two, three, three.

10:10.660 --> 10:14.650
And this needs to be changed now to one, two, three, four, five, six.

10:16.000 --> 10:17.260
So, moment of truth.

10:17.260 --> 10:21.820
Let's go ahead and hit that send and we should receive something in the body.

10:22.060 --> 10:23.260
So we have received the token.

10:23.260 --> 10:27.610
That means our token is not only updated, our password is also changed.

10:27.610 --> 10:29.590
So this is something really awesome.

10:29.740 --> 10:32.830
Notice here all the requests are coming in as a get post and whatever.

10:32.830 --> 10:34.970
So this seems to be working fine.

10:34.990 --> 10:39.560
Surely there could be a more thorough testing on that, but we'll just call it a day just right here.

10:39.580 --> 10:43.390
Now, in the next video, we are going to work on updating the user information.

10:43.390 --> 10:45.250
Let's go ahead and catch up in the next one.
