Ryan/documenso
1
0
Fork 1
mirror of https://github.com/documenso/documenso.git synced 2025-11-13 16:23:06 +10:00
Code Issues Packages Projects Releases Wiki Activity

feat: prevent a user from updating password with the same password

Browse Source
This commit is contained in:
Ephraim Atta-Duncan
2023-08-30 03:22:47 +00:00
parent 40767430d9
commit 4f3970c361
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
packages/lib/server-only/user/update-password.ts
View File

@ -1,4 +1,4 @@
import { hash } from 'bcrypt'; import { compare, hash } from 'bcrypt';
import { prisma } from '@documenso/prisma'; import { prisma } from '@documenso/prisma';
@ -11,7 +11,7 @@ export type UpdatePasswordOptions = {
export const updatePassword = async ({ userId, password }: UpdatePasswordOptions) => { export const updatePassword = async ({ userId, password }: UpdatePasswordOptions) => {
// Existence check // Existence check
await prisma.user.findFirstOrThrow({ const user = await prisma.user.findFirstOrThrow({
where: { where: {
id: userId, id: userId,
}, },
@ -19,6 +19,13 @@ export const updatePassword = async ({ userId, password }: UpdatePasswordOptions
const hashedPassword = await hash(password, SALT_ROUNDS); const hashedPassword = await hash(password, SALT_ROUNDS);
// Compare the new password with the old password
const isSamePassword = await compare(password, user.password as string);
if (isSamePassword) {
throw new Error('You cannot use the same password as your current password.');
}
const updatedUser = await prisma.user.update({ const updatedUser = await prisma.user.update({
where: { where: {
id: userId, id: userId,