feat: allow admin to update user passwords

Author: joshunrau

apps/api/src/users/users.service.ts

@@ -123,13 +123,22 @@ export class UsersService {
     return user;
   }
 
-  async updateById(id: string, { groupIds, ...data }: UpdateUserDto, { ability }: EntityOperationOptions = {}) {
+  async updateById(
+    id: string,
+    { groupIds, password, ...data }: UpdateUserDto,
+    { ability }: EntityOperationOptions = {}
+  ) {
+    let hashedPassword: string | undefined;
+    if (password) {
+      hashedPassword = await this.cryptoService.hashPassword(password);
+    }
     return this.userModel.update({
       data: {
         ...data,
         groups: {
           connect: groupIds?.map((id) => ({ id }))
-        }
+        },
+        hashedPassword
       },
       omit: {
         hashedPassword: true

apps/web/src/features/admin/components/UpdateUserForm.tsx

@@ -1,6 +1,7 @@
-import React, { useState } from 'react';
+import React, { useMemo, useState } from 'react';
 
 import { isAllUndefined } from '@douglasneuroinformatics/libjs';
+import { estimatePasswordStrength } from '@douglasneuroinformatics/libpasswd';
 import { Button, Dialog, Form } from '@douglasneuroinformatics/libui/components';
 import { useTranslation } from '@douglasneuroinformatics/libui/hooks';
 import type { FormTypes } from '@opendatacapture/runtime-core';
@@ -9,34 +10,12 @@ import type { UserPermission } from '@opendatacapture/schemas/user';
 import type { Promisable } from 'type-fest';
 import { z } from 'zod';
 
-const $UpdateUserFormData = z
-  .object({
-    additionalPermissions: z.array($UserPermission.partial()).optional(),
-    groupIds: z.set(z.string())
-  })
-  .transform((arg) => {
-    const firstPermission = arg.additionalPermissions?.[0];
-    if (firstPermission && isAllUndefined(firstPermission)) {
-      arg.additionalPermissions?.pop();
-    }
-    return arg;
-  })
-  .superRefine((arg, ctx) => {
-    arg.additionalPermissions?.forEach((permission, i) => {
-      Object.entries(permission).forEach(([key, val]) => {
-        if ((val satisfies string) === undefined) {
-          ctx.addIssue({
-            code: z.ZodIssueCode.invalid_type,
-            expected: 'string',
-            path: ['additionalPermissions', i, key],
-            received: 'undefined'
-          });
-        }
-      });
-    });
-  });
-
-type UpdateUserFormData = z.infer<typeof $UpdateUserFormData>;
+type UpdateUserFormData = {
+  additionalPermissions?: Partial<UserPermission>[];
+  confirmPassword?: string | undefined;
+  groupIds: Set<string>;
+  password?: string | undefined;
+};
 
 export type UpdateUserFormInputData = {
   disableDelete: boolean;
@@ -52,9 +31,48 @@ export const UpdateUserForm: React.FC<{
   onSubmit: (data: UpdateUserFormData & { additionalPermissions?: UserPermission[] }) => Promisable<void>;
 }> = ({ data, onDelete, onSubmit }) => {
   const { disableDelete, groupOptions, initialValues } = data;
-  const { t } = useTranslation();
+  const { resolvedLanguage, t } = useTranslation();
   const [isConfirmDeleteOpen, setIsConfirmDeleteOpen] = useState(false);
 
+  const $UpdateUserFormData = useMemo(() => {
+    return z
+      .object({
+        additionalPermissions: z.array($UserPermission.partial()).optional(),
+        groupIds: z.set(z.string()),
+        password: z.string().min(1).optional()
+      })
+      .transform((arg) => {
+        const firstPermission = arg.additionalPermissions?.[0];
+        if (firstPermission && isAllUndefined(firstPermission)) {
+          arg.additionalPermissions?.pop();
+        }
+        return arg;
+      })
+      .superRefine((arg, ctx) => {
+        if (arg.password && !estimatePasswordStrength(arg.password).success) {
+          ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            fatal: true,
+            message: t('common.insufficientPasswordStrength'),
+            path: ['password']
+          });
+          return z.NEVER;
+        }
+        arg.additionalPermissions?.forEach((permission, i) => {
+          Object.entries(permission).forEach(([key, val]) => {
+            if ((val satisfies string) === undefined) {
+              ctx.addIssue({
+                code: z.ZodIssueCode.invalid_type,
+                expected: 'string',
+                path: ['additionalPermissions', i, key],
+                received: 'undefined'
+              });
+            }
+          });
+        });
+      }) satisfies z.ZodType<UpdateUserFormData>;
+  }, [resolvedLanguage]);
+
   return (
     <Dialog open={isConfirmDeleteOpen} onOpenChange={setIsConfirmDeleteOpen}>
       <Form
@@ -68,6 +86,22 @@ export const UpdateUserForm: React.FC<{
           )
         }}
         content={[
+          {
+            fields: {
+              password: {
+                calculateStrength: (password) => {
+                  return estimatePasswordStrength(password).score;
+                },
+                kind: 'string',
+                label: t('common.password'),
+                variant: 'password'
+              }
+            },
+            title: t({
+              en: 'Login Credentials',
+              fr: 'Identifiants de connexion'
+            })
+          },
           {
             description: t({
               en: 'IMPORTANT: These permissions are not specific to any group. To manage granular permissions, please use the API.',