diff --git a/APP/src/app/shared/services/auth.service.spec.ts b/APP/src/app/shared/services/auth.service.spec.ts index c9d4a10..9dfa406 100644 --- a/APP/src/app/shared/services/auth.service.spec.ts +++ b/APP/src/app/shared/services/auth.service.spec.ts @@ -179,6 +179,22 @@ describe('AuthService', () => { }); }); + // ── changePassword() ───────────────────────────────────────────────────── + describe('changePassword()', () => { + it('POSTs current+new password to /api/auth/change-password with credentials', () => { + service.changePassword('Old1234!', 'New1234!').subscribe(); + + const req = httpMock.expectOne(`${apiConfig.authUrl}/change-password`); + expect(req.request.method).toBe('POST'); + expect(req.request.body).toEqual({ + currentPassword: 'Old1234!', + newPassword: 'New1234!', + }); + expect(req.request.withCredentials).toBeTrue(); + req.flush(null, { status: 204, statusText: 'No Content' }); + }); + }); + // ── initializeFromRefreshToken() ─────────────────────────────────────────── describe('initializeFromRefreshToken()', () => { diff --git a/APP/src/app/shared/services/auth.service.ts b/APP/src/app/shared/services/auth.service.ts index bf92cc1..65165da 100644 --- a/APP/src/app/shared/services/auth.service.ts +++ b/APP/src/app/shared/services/auth.service.ts @@ -147,6 +147,20 @@ export class AuthService { return this.refreshInFlight$; } + /** + * Changes the current user's password. Sends the cookie so the server can + * keep the current session alive while revoking the user's other sessions. + * Emits void on success (204); errors propagate so the caller can show the + * server message. + */ + changePassword(currentPassword: string, newPassword: string): Observable { + return this.http.post( + `${this.apiConfig.authUrl}/change-password`, + { currentPassword, newPassword }, + { withCredentials: true } + ); + } + /** * Clears in-memory auth state immediately, then fires a fire-and-forget * POST to revoke the server-side refresh token cookie.