var user = new User(req.body);
var userData = user.toObject();
delete userData._id;
- User.update({_id: user._id}, userData, {upsert: true}, function (err) {
+ User.update({_id: req.params.id}, userData, {upsert: true}, function (err) {
if (err) {
return res.status(500).send(err);
} else {
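Review bot: The filter now comes from `req.params.id`, but `userData` is still the whole of `req.body` passed through the model and written with `{upsert: true}`. Every schema field the client sends is therefore written to that id, and an id that matches no document creates one. Build the update from an explicit allow-list of the fields this endpoint is meant to change and drop the upsert, e.g. `User.update({_id: req.params.id}, {$set: allowed}, function (err) {`, with `allowed` holding only those fields. The 500 branch also sends the raw `err` object to the client; a generic message with the detail logged server-side would avoid exposing query internals. The handler starts and ends outside the hunk, so whether the caller is authorised to edit the target id cannot be confirmed from here.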
exports.show = function (req, res, next) {
var userId = req.params.id;
- User.findById(userId, function (err, user) {
+ User.findById(userId, '-salt -hashedPassword', function (err, user) {
if (err) return next(err);
- if (!user) return res.status(401).send('Unauthorized');
- res.json(user.profile);
+ if (!user) return res.status(404).send('Unauthorized');
+ res.status(200).json(user.profile);
});
};
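Review bot: The not-found branch now answers with status 404 but still sends the body `'Unauthorized'`, so the status and the message disagree. `if (!user) return res.status(404).send('Not Found');` keeps them consistent. If the route can be reached without authentication, a distinct 404 also tells the caller which ids exist; the route's middleware is not visible here, so that is worth confirming. A short comment above the `findById` call, such as `// never load salt or hashedPassword for a response`, would document why the projection is there.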
var newPass = String(req.body.newPassword);
User.findById(userId, function (err, user) {
- if (user.authenticate(oldPass)) {
- user.password = newPass;
- user.save(function (err) {
- if (err) return validationError(res, err);
- res.status(200).send('OK');
- });
- } else {
- res.status(403).send('Forbidden');
- }
+ if (!user.authenticate(oldPass)) return res.status(403).send('Forbidden');
+
+ user.password = newPass;
+ user.save(function (err) {
+ if (err) return validationError(res, err);
+ res.status(200).send('OK');
+ });
});
};
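Review bot: The rewritten guard calls `user.authenticate(oldPass)` without checking `err` or a null `user`, so a failed lookup or an id that no longer exists throws a TypeError inside the callback instead of producing a response. Add `if (err) return next(err);` and `if (!user) return res.status(401).send('Unauthorized');` before the authenticate line, assuming `next` is a parameter here as it is in `show`. The function signature is outside the hunk. The `*/` that follows suggests this handler may currently sit inside a block comment, in which case the point applies when it is re-enabled.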
*/
exports.updateMe = function (req, res, next) {
var userId = req.user._id;
- User.findOne({
- _id: userId
- }, '-salt -hashedPassword', function (err, user) { // don't ever give out the password or salt
+ User.findOne({_id: userId}, function (err, user) { // don't ever give out the password or salt
if (err) return next(err);
if (!user) return res.status(401).send('Unauthorized');
user.referential = req.body.referential;
- user.save(function (err) {
- if (err) return validationError(res, err);
+ user.save(function () {
res.status(200).send('OK');
});
});
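Review bot: The new `user.save(function () {` drops the `err` argument, so a validation or write failure is now reported to the client as `200 OK` and the change is silently lost. Keep the previous handling: `user.save(function (err) {` followed by `if (err) return validationError(res, err);`. The trailing comment `// don't ever give out the password or salt` described the projection this change removes. It should be deleted or replaced with a note that the full document is loaded only to be saved and is never sent in the response. The closing `};` of `updateMe` is outside the hunk.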