Add change_password method and route

app/controllers/users_controller.rb

@@ -3,7 +3,7 @@ class UsersController < ApplicationController
   before_action :authenticate_group_manager!, only: [:group_data]
   before_action :set_user_update, only: [:update, :admin_update]
   before_action :set_group, only: [:group_data]
-  load_and_authorize_resource :except => [:email_reset_password, :reset_password, :show_reset_token] 
+  load_and_authorize_resource :except => [:email_reset_password, :reset_password, :show_reset_token, :change_password] 
 
   # GET /user
   def index
@@ -88,6 +88,20 @@ def reset_password
     end
   end
 
+  def change_password
+    @user = User.find(current_user.id)
+
+    if @user.valid_password?(params[:old_password])
+      if @user.reset_password(params[:password], params[:password_confirmation])
+        render json: {error: false, message: "Senha redefinida com sucesso"}, status: :ok
+      else
+        render json: {error: true, data: @user.errors}, status: :bad_request
+      end
+    else
+      render json: {error: true, message: "Senha antiga incorreta"}, status: :unauthorized
+    end
+  end
+
   def request_deletion
     @user = User.find(params[:id])
 

config/routes.rb

@@ -53,6 +53,7 @@
   post "email_reset_password", to: "users#email_reset_password"
   post "show_reset_token", to: "users#show_reset_token"
   post "reset_password", to: "users#reset_password"
+  post "change_password", to: "users#change_password"
 
   resources :users do
     resources :households