Add check for correct old password

andrew-bierman · Aug 23, 2024 · 4b33791 · 4b33791
1 parent 392426a
commit 4b33791
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/server/src/controllers/auth/updatePassword.ts b/server/src/controllers/auth/updatePassword.ts
@@ -3,14 +3,19 @@ import { findUserAndUpdate } from '../../services/user/user.service';
 import * as validator from '@packrat/validations';
 import { hashPassword } from '../../utils/user';
 import { type Context } from 'hono';
+import { User } from '../../drizzle/methods/User';
 
 export const updatePassword = async (c: Context) => {
   try {
     const { email, password } = await c.req.json();
     const JWT_SECRET = c.env.JWT_SECRET;
     const hashedPassword = await hashPassword(JWT_SECRET, password);
-    const user = await findUserAndUpdate(email, hashedPassword, 'password');
-    return c.json({ user }, 200);
+    const currentUser = await findUserAndUpdate(
+      email,
+      hashedPassword,
+      'password',
+    );
+    return c.json({ currentUser }, 200);
   } catch (error) {
     return c.json({ error: `Email Doesnt Exist: ${error.message}` }, 404);
   }
@@ -23,8 +28,17 @@ export function updatePasswordRoute() {
       const { email, password } = opts.input;
       const { env }: any = opts.ctx;
       const JWT_SECRET = env.JWT_SECRET;
+      const userClass = new User();
+      const user = await userClass.findByCredentials(email, password);
+      if (!user) {
+        throw new Error('Password is not correct');
+      }
       const hashedPassword = await hashPassword(JWT_SECRET, password);
-      const user = await findUserAndUpdate(email, hashedPassword, 'password');
-      return user;
+      const currentUser = await findUserAndUpdate(
+        email,
+        hashedPassword,
+        'password',
+      );
+      return currentUser;
     });
 }