cal.pub0.org/packages/trpc/server/routers/viewer/auth.tsx

import { IdentityProvider } from "@prisma/client";
import { z } from "zod";

import { hashPassword, validPassword, verifyPassword } from "@calcom/lib/auth";
import prisma from "@calcom/prisma";

import { TRPCError } from "@trpc/server";

import { createProtectedRouter } from "../../createRouter";

export const authRouter = createProtectedRouter().mutation("changePassword", {
  input: z.object({
    oldPassword: z.string(),
    newPassword: z.string(),
  }),
  async resolve({ input, ctx }) {
    const { oldPassword, newPassword } = input;

    const { user } = ctx;

    if (user.identityProvider !== IdentityProvider.CAL) {
      throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });
    }

    const currentPasswordQuery = await prisma.user.findFirst({
      where: {
        id: user.id,
      },
      select: {
        password: true,
      },
    });

    const currentPassword = currentPasswordQuery?.password;

    if (!currentPassword) {
      throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });
    }

    const passwordsMatch = await verifyPassword(oldPassword, currentPassword);
    if (!passwordsMatch) {
      throw new TRPCError({ code: "BAD_REQUEST", message: "INCORRECT_PASSWORD" });
    }

    if (oldPassword === newPassword) {
      throw new TRPCError({ code: "BAD_REQUEST", message: "PASSWORD_MATCHES_OLD" });
    }

    if (!validPassword(newPassword)) {
      throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" });
    }

    const hashedPassword = await hashPassword(newPassword);
    await prisma.user.update({
      where: {
        id: user.id,
      },
      data: {
        password: hashedPassword,
      },
    });
  },
});
V2 Settings - Security View (#4018) * Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-08-30 19:46:52 +00:00			`import { IdentityProvider } from "@prisma/client";`
			`import { z } from "zod";`

Improve 2fa: ask for code before account removal and 2fa disabling (#3817) * fix conflicts * fix remove separate function and call mutation directly * feat: add new react-otp-input to enable 2fa flow * fix: comment out * fix: remove next-auth 4.9.0 from yarn.lock * fix: delete account test fill password before submit * fix: test delete accc * fix typo in delete acc test * Update apps/web/components/security/EnableTwoFactorModal.tsx Co-authored-by: Omar López <zomars@me.com> * feat: remove react-otp-input reuse TwoFactor * feat: add center props to TwoFactor * fix: no v2 * feat: disable 2fa requires 2fa api * feat: make 2fa required to disable 2fa * fix: FormEvent instead of SyntheticEvent * fix: types * fix: move disable 2fa form to fully use RHF * fix if (e) e.preventDefault(); * feat: fix remove account * fix: remove react-otp-input types * fix: separate onConfirm to add to form handleSubmit * fix: types e:SyntethicEvent * fix: types * fix: import packages lib not web lib * Update apps/web/components/security/EnableTwoFactorModal.tsx Co-authored-by: Omar López <zomars@me.com> * Update apps/web/components/security/EnableTwoFactorModal.tsx Co-authored-by: Omar López <zomars@me.com> * fix: no import from web * fix: import * fix: remove duplicate FormEvent * fix: upgrade ErrorCode imports * fix profile types totpCode not optional * fix: build pass * fix: dont touch test delete-account * fix: type * fix: add data-testid to password field * fix: conflicts w syncServices * Build fixes * Fixes delete account e2e test Co-authored-by: Agusti Fernandez Pardo <git@agusti.me> Co-authored-by: Omar López <zomars@me.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2022-08-31 20:57:53 +00:00			`import { hashPassword, validPassword, verifyPassword } from "@calcom/lib/auth";`
V2 Settings - Security View (#4018) * Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-08-30 19:46:52 +00:00			`import prisma from "@calcom/prisma";`

			`import { TRPCError } from "@trpc/server";`

			`import { createProtectedRouter } from "../../createRouter";`

			`export const authRouter = createProtectedRouter().mutation("changePassword", {`
			`input: z.object({`
			`oldPassword: z.string(),`
			`newPassword: z.string(),`
			`}),`
			`async resolve({ input, ctx }) {`
			`const { oldPassword, newPassword } = input;`

			`const { user } = ctx;`

			`if (user.identityProvider !== IdentityProvider.CAL) {`
			`throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });`
			`}`

			`const currentPasswordQuery = await prisma.user.findFirst({`
			`where: {`
			`id: user.id,`
			`},`
			`select: {`
			`password: true,`
			`},`
			`});`

			`const currentPassword = currentPasswordQuery?.password;`

			`if (!currentPassword) {`
			`throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });`
			`}`

			`const passwordsMatch = await verifyPassword(oldPassword, currentPassword);`
			`if (!passwordsMatch) {`
			`throw new TRPCError({ code: "BAD_REQUEST", message: "INCORRECT_PASSWORD" });`
			`}`

			`if (oldPassword === newPassword) {`
			`throw new TRPCError({ code: "BAD_REQUEST", message: "PASSWORD_MATCHES_OLD" });`
			`}`

			`if (!validPassword(newPassword)) {`
			`throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" });`
			`}`

			`const hashedPassword = await hashPassword(newPassword);`
			`await prisma.user.update({`
			`where: {`
			`id: user.id,`
			`},`
			`data: {`
			`password: hashedPassword,`
			`},`
			`});`
			`},`
			`});`