From 80bf198908715da704cc275f4acea5b8168976a8 Mon Sep 17 00:00:00 2001
From: srgooglo <srgooglo@ragestudio.net>
Date: Tue, 25 Oct 2022 14:41:37 +0000
Subject: [PATCH] implement `self/update_password` endpoint

---
 .../server/src/controllers/UserController/index.js    | 11 ++++++-----
 .../UserController/methods/updatePassword.js          |  8 ++++++++
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/packages/server/src/controllers/UserController/index.js b/packages/server/src/controllers/UserController/index.js
index 9a679c42..67acfbbf 100755
--- a/packages/server/src/controllers/UserController/index.js
+++ b/packages/server/src/controllers/UserController/index.js
@@ -1,6 +1,7 @@
 import { Controller } from "linebridge/dist/server"
 import passport from "passport"
 import lodash from "lodash"
+import bcrypt from "bcrypt"
 
 import SessionController from "../SessionController"
 
@@ -434,17 +435,17 @@ export default class UserController extends Controller {
                     return res.status(404).json({ message: "User not found" })
                 }
 
-                const currentPasswordHash = await bcrypt.hash(req.selection.currentPassword, parseInt(process.env.BCRYPT_ROUNDS ?? 3))
-
-                const isPasswordValid = await bcrypt.compareSync(currentPasswordHash, user.password)
+                const isPasswordValid = await bcrypt.compareSync(req.selection.currentPassword, user.password)
 
                 if (!isPasswordValid) {
-                    return res.status(401).json({ message: "Invalid password" })
+                    return res.status(401).json({
+                        message: "Current password dont match"
+                    })
                 }
 
                 const result = await updatePassword({
                     user_id: req.user._id,
-                    newPassword: req.selection.newPassword,
+                    password: req.selection.newPassword,
                 }).catch((error) => {
                     res.status(500).json({ message: error.message })
                     return null
diff --git a/packages/server/src/controllers/UserController/methods/updatePassword.js b/packages/server/src/controllers/UserController/methods/updatePassword.js
index dd7edce5..69c1f044 100644
--- a/packages/server/src/controllers/UserController/methods/updatePassword.js
+++ b/packages/server/src/controllers/UserController/methods/updatePassword.js
@@ -4,6 +4,14 @@ import { User } from "../../../models"
 export default async function (payload) {
     const { user_id, password } = payload
 
+    if (!user_id) {
+        throw new Error("Missing user_id")
+    }
+
+    if (!password) {
+        throw new Error("Missing password")
+    }
+
     const user = await User.findById(user_id)
 
     if (!user) {