Added ability for users to update their password. Minor tidy up.

src/emails/invite.tsx

@@ -1,6 +1,5 @@
 import * as React from 'react';
 import { brandColours } from '../utilities/helpers';
-import { size } from 'lodash';
 
 interface InviteEmailProperties {
     playerName: string;
@@ -21,6 +20,7 @@ export const InviteEmail = (props: InviteEmailProperties) => (
             cellSpacing={0}
             cellPadding={0}
         >
+            <tbody>
                 <tr>
                     <td align="center">
                         <div
@@ -72,6 +72,7 @@ export const InviteEmail = (props: InviteEmailProperties) => (
                         </div>
                     </td>
                 </tr>
+            </tbody>
         </table>
     </div>
 );

src/orm/matches.ts

@@ -189,7 +189,7 @@ export class MatchOrm {
 
         const player = await orm.players.get(playerId);
 
-        sql.transaction(async (tx) => {
+        await sql.transaction(async (tx) => {
             const eloRefund = parseInt(
                 (
                     await tx`SELECT elo_change FROM public.match_players WHERE match_id=${matchId.raw} AND player_id = ${playerId.raw}`

src/orm/user.ts

@@ -24,9 +24,15 @@ export class User {
 }
 
 export class UsersOrm {
-    async create(
+    async create({
-        { email, password, playerId }: { email: string; password: string; playerId: PlayerId },
+        email,
-    ): Promise<User> {
+        password,
+        playerId,
+    }: {
+        email: string;
+        password: string;
+        playerId: PlayerId;
+    }): Promise<User> {
         const existingUser: any = first(
             await sql`SELECT id
                       FROM users
@@ -100,11 +106,19 @@ export class UsersOrm {
             userToUpdate.isAdmin = patch.isAdmin ?? userToUpdate.isAdmin;
         }
 
-        await sql`UPDATE users
+        await sql.transaction(async (tx) => {
+            await tx`UPDATE users
                       SET is_active=${userToUpdate.isActive},
                           is_admin=${userToUpdate.isAdmin}
                       WHERE id = ${id.raw}`;
 
+            if (id === claims?.userId && patch.password) {
+                const passwordHash = await argon2.hash(patch.password);
+                await tx`UPDATE users
+                      SET pass_hash = ${passwordHash}`;
+                }
+        });
+
         return await this.get(id);
     }
 
@@ -133,10 +147,7 @@ export class UsersOrm {
         return;
     }
 
-    async verifyCredentials(
+    async verifyCredentials(email: string, password: string): Promise<{ userId: UserId; refreshCount: string } | null> {
-        email: string,
-        password: string,
-    ): Promise<{ userId: UserId; refreshCount: string } | null> {
         const dbResult: any = first(
             await sql`SELECT *
                       FROM users
@@ -168,12 +179,7 @@ export class UsersOrm {
         return dbResult.refresh_count === refreshCount;
     }
 
-    async changePassword(
+    async changePassword(id: UserId, oldPassword: string | null, newPassword: string, claims?: Claims): Promise<void> {
-        id: UserId,
-        oldPassword: string | null,
-        newPassword: string,
-        claims?: Claims,
-    ): Promise<void> {
         const isAdmin = Claims.test(Claims.ADMIN, claims);
         if (!(isAdmin || (Claims.test(Claims.USERS.SELF.UPDATE, claims) && id === claims?.userId))) {
             throw new UnauthorizedError();

src/utilities/guard.ts

@@ -66,6 +66,6 @@ export function unwrapMethod<T = {}>(
 ): (r: Request) => Promise<Response> {
     return async (request: Request) => {
         const unwrappedRequest = await unwrap<T>(request);
-        return await methodToUnwrap(unwrappedRequest);
+        return methodToUnwrap(unwrappedRequest);
     };
 }

src/utilities/requestModels.ts

@@ -14,6 +14,7 @@ export interface CreateUserRequest {
 export interface UpdateUserRequest {
     isActive?: boolean;
     isAdmin?: boolean;
+    password?: string;
 }
 export interface InviteUserRequest {
     email: string;