const { userCollection } = require('../../common/constants')
const { ERROR } = require('../../common/error')
const PasswordUtils = require('../../lib/utils/password')

/**
 * Update the password of the currently authenticated user.
 *
 * The current password is re-verified against the stored hash before the new
 * hash is written. The account is identified by `this.authInfo.uid`, never by
 * anything in `params`, so the request body cannot select which user is
 * changed (presumably `authInfo` is filled in by auth middleware before this
 * runs; confirm in the caller).
 *
 * After a successful update the client is expected to log the user out and
 * have them sign in again.
 *
 * NOTE(review): nothing in this function limits repeated failed old-password
 * checks; confirm that throttling or lockout is applied upstream.
 *
 * @tutorial https://uniapp.dcloud.net.cn/uniCloud/uni-id-pages.html#update-pwd
 * @param {object} params
 * @param {string} params.oldPassword current password
 * @param {string} params.newPassword new password
 * @returns {object} `{ errCode: 0 }` on success
 * @throws {object} `{ errCode: ERROR.ACCOUNT_NOT_EXISTS }` when no user record
 *   is found for the uid, `{ errCode: ERROR.PASSWORD_ERROR }` when the old
 *   password does not verify
 */
module.exports = async function (params = {}) {
  // oldPassword is validated as a plain string rather than with the
  // 'password' rule, so that a later change to the password rules cannot stop
  // users with an older password from updating it.
  this.middleware.validate(params, {
    oldPassword: 'string',
    newPassword: 'password'
  })

  const { uid } = this.authInfo
  const lookup = await userCollection.doc(uid).get()
  const account = lookup.data[0]
  if (!account) {
    throw { errCode: ERROR.ACCOUNT_NOT_EXISTS }
  }

  const hasher = new PasswordUtils({
    passwordSecret: this.config.passwordSecret
  })

  // NOTE(review): for an account that has no password stored,
  // account.password is undefined here; confirm checkUserPassword fails
  // closed in that case.
  // autoRefresh is switched off; presumably it controls re-hashing on a
  // successful check, which would be redundant since the hash is replaced
  // below (confirm against PasswordUtils).
  const verification = hasher.checkUserPassword({
    password: params.oldPassword,
    passwordHash: account.password,
    passwordSecretVersion: account.password_secret_version,
    autoRefresh: false
  })
  if (!verification.success) {
    throw { errCode: ERROR.PASSWORD_ERROR }
  }

  const rehashed = hasher.generatePasswordHash({ password: params.newPassword })
  await userCollection.doc(uid).update({
    password: rehashed.passwordHash,
    password_secret_version: rehashed.version,
    // Checked during refreshToken: a token created before this timestamp is
    // refused a new token and the token-invalid error code is returned.
    // NOTE(review): whether other token checks also honour this cutoff is not
    // visible here; confirm that already-issued tokens stop working.
    valid_token_date: Date.now()
  })

  // The client should log the user out and require a fresh login after this.
  return { errCode: 0 }
}