Merge pull request #1191 from andrew-bierman/Fix-oldPassword-verifica…

…tion Add verification for oldPassword
andrew-bierman · Sep 23, 2024 · f650e5d · f650e5d
2 parents ad6d7b5 + 01996fe
commit f650e5d
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/server/src/controllers/auth/updatePassword.ts b/server/src/controllers/auth/updatePassword.ts
@@ -25,13 +25,13 @@ export function updatePasswordRoute() {
   return protectedProcedure
     .input(validator.updatePassword)
     .mutation(async (opts) => {
-      const { email, password } = opts.input;
+      const { email, oldPassword, password } = opts.rawInput;
       const { env }: any = opts.ctx;
       const JWT_SECRET = env.JWT_SECRET;
       const userClass = new User();
-      const user = await userClass.findByCredentials(email, password);
+      const user = await userClass.findByCredentials(email, oldPassword);
       if (!user) {
-        throw new Error('Password is not correct');
+        throw new Error('Old password is incorrect');
       }
       const hashedPassword = await hashPassword(JWT_SECRET, password);
       const currentUser = await findUserAndUpdate(