fix security vulnerability with update password API route

2025-11-10 04:22:27 +10:00 · 2025-01-24 21:13:24 +01:00
parent 460a40711e
commit 4c90cc1838
7 changed files with 1155 additions and 1165 deletions
--- a/libs/dto/src/auth/update-password.ts
+++ b/libs/dto/src/auth/update-password.ts
@ -2,7 +2,8 @@ import { createZodDto } from "nestjs-zod/dto";
 import { z } from "zod";

 export const updatePasswordSchema = z.object({
-  password: z.string().min(6),
+  currentPassword: z.string().min(6),
+  newPassword: z.string().min(6),
 });

 export class UpdatePasswordDto extends createZodDto(updatePasswordSchema) {}