From 4f3970c361bb24e814739ab1c2ab70c14f74c5a6 Mon Sep 17 00:00:00 2001
From: Ephraim Atta-Duncan
Date: Wed, 30 Aug 2023 03:22:47 +0000
Subject: [PATCH] feat: prevent a user from updating password with the same password
---
 packages/lib/server-only/user/update-password.ts | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/packages/lib/server-only/user/update-password.ts b/packages/lib/server-only/user/update-password.ts
index d3ff9070f..521aecd22 100644
--- a/packages/lib/server-only/user/update-password.ts
+++ b/packages/lib/server-only/user/update-password.ts
@@ -1,4 +1,4 @@
-import { hash } from 'bcrypt';
+import { compare, hash } from 'bcrypt';
 import { prisma } from '@documenso/prisma';
@@ -11,7 +11,7 @@ export type UpdatePasswordOptions = {
 export const updatePassword = async ({ userId, password }: UpdatePasswordOptions) => {
 // Existence check
- await prisma.user.findFirstOrThrow({
+ const user = await prisma.user.findFirstOrThrow({
 where: {
 id: userId,
 },
@@ -19,6 +19,13 @@ export const updatePassword = async ({ userId, password }: UpdatePasswordOptions
 const hashedPassword = await hash(password, SALT_ROUNDS);
+ // Compare the new password with the old password
+ const isSamePassword = await compare(password, user.password as string);
+
+ if (isSamePassword) {
+ throw new Error('You cannot use the same password as your current password.');
+ }
+
 const updatedUser = await prisma.user.update({
 where: {
 id: userId,
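Review bot: In the last hunk, `user.password as string` asserts away what looks like a nullable column (the cast would not be needed otherwise), so an account with no stored hash, if the schema permits one, would hand a non-string to bcrypt's `compare` and fail with an unrelated error instead of proceeding to set the password. Narrow at runtime rather than asserting: `if (user.password && (await compare(password, user.password))) {`. The `hash(password, SALT_ROUNDS)` call just above the added lines also runs before the check, so a rejected request still pays for a full bcrypt hash; moving the comparison ahead of it avoids that cost. The body of updatePassword starts and ends outside the hunk, so whether callers verify the current password before reaching this function cannot be confirmed from here.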