
Change user password

POST /company/users/changePass

Allows the authenticated user to change their own password.

Objective

Let an authenticated user change their own password, keeping a password history so that recently used passwords cannot be reused.

Use Cases

  • User wants to change their password periodically
  • User reset their password through recovery and now wants to set one of their own choosing
  • Security policy requires regular password changes

Authentication

  • Requires a valid JWT, checked by the m.isLoged middleware
  • The password that is changed is always the one belonging to the authenticated user identified by that JWT

Validations

  • The current password must be correct (model.isValidPassword)
  • The new password (new_pass) must match the confirmation (confirm_pass)
  • The new password must meet the security requirements:
    • Minimum 8 characters
    • At least 1 uppercase letter
    • At least 1 number
  • The new password must not match any of the last 5 passwords used (checked against the stored password history)
  • On success a password change notification is created (a side effect, not a check; see Process)

Process

  1. User sends the current password, new_pass and confirm_pass
  2. System verifies the current password is correct
  3. System verifies that new_pass and confirm_pass match
  4. System verifies that the new password meets the security requirements and is not one of the last 5 passwords used
  5. If everything is valid, the new password is hashed and the hash is stored (the plaintext is never stored)
  6. Clears recovery_token, so any outstanding password recovery link can no longer be used
  7. Creates a password change notification
  8. Issues a fresh JWT for the session with m.setNewToken()

Error Messages

  • INVALID_PASSWORD (HTTP 403): the current password is incorrect
  • PASSWORD_NOT_MATCH (HTTP 405): new_pass and confirm_pass do not match

Clients should key on the error code string rather than on the HTTP status: 405 normally means Method Not Allowed, but here it signals a validation failure.

Request

Responses

Password changed successfully