feat: add password change functionality with validation and API route

aspirantzhang · aspirantzhang · commit 966f14b7b539 · 2025-03-09T20:50:55.000+08:00
diff --git a/contexts/Authorization/Application/Coordinators/AuthorizationCoordinator.php b/contexts/Authorization/Application/Coordinators/AuthorizationCoordinator.php
@@ -82,4 +82,12 @@ public function deleteUser(int $id)
 
         return $user;
     }
+
+    public function changePassword(int $userId, string $newPassword)
+    {
+        $user = $this->repository->getById(UserId::fromInt($userId));
+        $user->changePassword($newPassword);
+
+        $this->repository->changePassword($user);
+    }
 }
diff --git a/contexts/Authorization/Infrastructure/Routes.php b/contexts/Authorization/Infrastructure/Routes.php
@@ -10,6 +10,7 @@
         Route::get('{id}', 'getUser')->name('getUser');
         Route::get('', 'getUserList')->name('getUserList');
         Route::post('', 'createUser')->name('createUser');
+        Route::patch('{id}/password', 'changePassword')->name('changePassword');
         Route::put('{id}/subspend', 'subspendUser')->name('subspendUser');
         Route::put('{id}', 'updateUser')->name('updateUser');
         Route::delete('{id}', 'deleteUser')->name('deleteUser');
diff --git a/contexts/Authorization/Presentation/Controllers/AuthorizationController.php b/contexts/Authorization/Presentation/Controllers/AuthorizationController.php
@@ -9,6 +9,7 @@
 use Contexts\Authorization\Application\DTOs\CreateUserDTO;
 use Contexts\Authorization\Application\DTOs\GetUserListDTO;
 use Contexts\Authorization\Application\DTOs\UpdateUserDTO;
+use Contexts\Authorization\Presentation\Requests\ChangePasswordRequest;
 use Contexts\Authorization\Presentation\Requests\CreateUserRequest;
 use Contexts\Authorization\Presentation\Requests\GetUserListRequest;
 use Contexts\Authorization\Presentation\Requests\UpdateUserRequest;
@@ -77,4 +78,16 @@ public function deleteUser(UserIdRequest $request)
             ->message('User deleted successfully')
             ->send();
     }
+
+    public function changePassword(ChangePasswordRequest $request)
+    {
+        $data = $request->validated();
+        $userId = (int) ($data['id']);
+        $newPassword = $data['new_password'];
+        app(AuthorizationCoordinator::class)->changePassword($userId, $newPassword);
+
+        return $this->success()
+            ->message('Password changed successfully')
+            ->send();
+    }
 }
diff --git a/contexts/Authorization/Presentation/Requests/ChangePasswordRequest.php b/contexts/Authorization/Presentation/Requests/ChangePasswordRequest.php
@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Contexts\Authorization\Presentation\Requests;
+
+use App\Http\Requests\BaseFormRequest;
+
+class ChangePasswordRequest extends BaseFormRequest
+{
+    public function rules(): array
+    {
+        return [
+            'id' => $this->idRule(),
+            'new_password' => ['required', 'string', 'min:8', 'max:255', 'confirmed'],
+            'new_password_confirmation' => ['required', 'string', 'min:8', 'max:255'],
+        ];
+    }
+}
diff --git a/contexts/Authorization/Tests/Feature/UserTest.php b/contexts/Authorization/Tests/Feature/UserTest.php
@@ -13,7 +13,7 @@
     $response->assertStatus(201);
 });
 
-it('can get a user', function () {
+it('can get a user via api', function () {
     $response = $this->postJson('users', [
         'email' => 'test@email.com',
         'password' => 'password123',
@@ -38,13 +38,13 @@
     ]);
 });
 
-it('can not get a user that does not exist', function () {
+it('can not get a user that does not exist via api', function () {
     $response = $this->get('users/1');
 
     $response->assertStatus(404);
 });
 
-it('can get a list of users', function () {
+it('can get a list of users via api', function () {
     $response = $this->postJson('users', [
         'email' => 'test@email.com',
         'password' => 'password123',
@@ -59,7 +59,7 @@
     $response->assertStatus(200);
 });
 
-it('can update a user', function () {
+it('can update a user via api', function () {
     $response = $this->postJson('users', [
         'email' => 'test@email.com',
         'password' => 'password123',
@@ -85,7 +85,7 @@
     ]);
 });
 
-it('can subspend a user', function () {
+it('can subspend a user via api', function () {
     $response = $this->postJson('users', [
         'email' => 'test@email.com',
         'password' => 'password123',
@@ -102,7 +102,7 @@
     $response->assertStatus(200);
 });
 
-it('can delete a user', function () {
+it('can delete a user via api', function () {
     $response = $this->postJson('users', [
         'email' => 'test@email.com',
         'password' => 'password123',
@@ -122,3 +122,23 @@
 
     $response->assertStatus(404);
 });
+
+it('can change a user password via api', function () {
+    $response = $this->postJson('users', [
+        'email' => 'test@email.com',
+        'password' => 'password123',
+        'display_name' => 'My User',
+        'status' => 'active',
+    ]);
+
+    $response->assertStatus(201);
+
+    $id = (int) $response->json('data.id');
+
+    $response = $this->patchJson("users/{$id}/password", [
+        'new_password' => 'newpassword123',
+        'new_password_confirmation' => 'newpassword123',
+    ]);
+
+    $response->assertStatus(200);
+});

Original file line number	Diff line number	Diff line change
`@@ -82,4 +82,12 @@ public function deleteUser(int $id)`
`82`	`82`
`83`	`83`	`return $user;`
`84`	`84`	`}`
	`85`	`+`
	`86`	`+ public function changePassword(int $userId, string $newPassword)`
	`87`	`+ {`
	`88`	`+ $user = $this->repository->getById(UserId::fromInt($userId));`
	`89`	`+ $user->changePassword($newPassword);`
	`90`	`+`
	`91`	`+ $this->repository->changePassword($user);`
	`92`	`+ }`
`85`	`93`	`}`