Merge pull request #330 from documenso/feat/profile-password-form

feat: avoid user from updating password with the same password
2025-11-12 07:43:16 +10:00 · 2023-08-30 14:32:21 +10:00
parent fead48c2f0 d71e43c5d6
commit 83a83164d4
3 changed files with 20 additions and 6 deletions
--- a/apps/web/src/components/forms/password.tsx
+++ b/apps/web/src/components/forms/password.tsx
@ -39,6 +39,7 @@ export const PasswordForm = ({ className }: PasswordFormProps) => {
  const {
    register,
    handleSubmit,
+    reset,
    formState: { errors, isSubmitting },
  } = useForm<TPasswordFormSchema>({
    values: {
@ -56,6 +57,8 @@ export const PasswordForm = ({ className }: PasswordFormProps) => {
        password,
      });

+      reset();
+
      toast({
        title: 'Password updated',
        description: 'Your password has been updated successfully.',
@ -73,7 +76,7 @@ export const PasswordForm = ({ className }: PasswordFormProps) => {
          title: 'An unknown error occurred',
          variant: 'destructive',
          description:
-            'We encountered an unknown error while attempting to sign you In. Please try again later.',
+            'We encountered an unknown error while attempting to update your password. Please try again later.',
        });
      }
    }
--- a/packages/lib/server-only/user/update-password.ts
+++ b/packages/lib/server-only/user/update-password.ts
@ -1,4 +1,4 @@
-import { hash } from 'bcrypt';
+import { compare, hash } from 'bcrypt';

 import { prisma } from '@documenso/prisma';

@ -11,7 +11,7 @@ export type UpdatePasswordOptions = {

 export const updatePassword = async ({ userId, password }: UpdatePasswordOptions) => {
  // Existence check
-  await prisma.user.findFirstOrThrow({
+  const user = await prisma.user.findFirstOrThrow({
    where: {
      id: userId,
    },
@ -19,6 +19,13 @@ export const updatePassword = async ({ userId, password }: UpdatePasswordOptions

  const hashedPassword = await hash(password, SALT_ROUNDS);

+  // Compare the new password with the old password
+  const isSamePassword = await compare(password, user.password as string);
+
+  if (isSamePassword) {
+    throw new Error('Your new password cannot be the same as your old password.');
+  }
+
  const updatedUser = await prisma.user.update({
    where: {
      id: userId,
--- a/packages/trpc/server/profile-router/router.ts
+++ b/packages/trpc/server/profile-router/router.ts
@ -40,12 +40,16 @@ export const profileRouter = router({
          password,
        });
      } catch (err) {
-        console.error(err);
+        let message =
+          'We were unable to update your profile. Please review the information you provided and try again.';
+
+        if (err instanceof Error) {
+          message = err.message;
+        }

        throw new TRPCError({
          code: 'BAD_REQUEST',
-          message:
-            'We were unable to update your profile. Please review the information you provided and try again.',
+          message,
        });
      }
    }),