cal.pub0.org/pages/api/auth/changepw.ts

import type { NextApiRequest, NextApiResponse } from 'next';
import { hashPassword, verifyPassword } from '../../../lib/auth';
import { getSession } from 'next-auth/client';
import prisma from '../../../lib/prisma';

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
    const session = await getSession({req: req});

    if (!session) {
        res.status(401).json({message: "Not authenticated"});
        return;
    }

    // TODO: Add user ID to user session object
    const user = await prisma.user.findFirst({
        where: {
            email: session.user.email,
        },
        select: {
            id: true,
            password: true
        }
    });

    if (!user) { res.status(404).json({message: 'User not found'}); return; }

    const oldPassword = req.body.oldPassword;
    const newPassword = req.body.newPassword;
    const currentPassword = user.password;

    const passwordsMatch = await verifyPassword(oldPassword, currentPassword);

    if (!passwordsMatch) { res.status(403).json({message: 'Incorrect password'}); return; }

    const hashedPassword = await hashPassword(newPassword);

    const updateUser = await prisma.user.update({
        where: {
          id: user.id,
        },
        data: {
          password: hashedPassword,
        },
    });

    res.status(200).json({message: 'Password updated successfully'});
}
Add settings section 2021-04-07 15:03:02 +00:00			`import type { NextApiRequest, NextApiResponse } from 'next';`
			`import { hashPassword, verifyPassword } from '../../../lib/auth';`
			`import { getSession } from 'next-auth/client';`
			`import prisma from '../../../lib/prisma';`

			`export default async function handler(req: NextApiRequest, res: NextApiResponse) {`
			`const session = await getSession({req: req});`

			`if (!session) {`
			`res.status(401).json({message: "Not authenticated"});`
			`return;`
			`}`

			`// TODO: Add user ID to user session object`
			`const user = await prisma.user.findFirst({`
			`where: {`
			`email: session.user.email,`
			`},`
			`select: {`
			`id: true,`
			`password: true`
			`}`
			`});`

			`if (!user) { res.status(404).json({message: 'User not found'}); return; }`

			`const oldPassword = req.body.oldPassword;`
			`const newPassword = req.body.newPassword;`
			`const currentPassword = user.password;`

			`const passwordsMatch = await verifyPassword(oldPassword, currentPassword);`

			`if (!passwordsMatch) { res.status(403).json({message: 'Incorrect password'}); return; }`

			`const hashedPassword = await hashPassword(newPassword);`

			`const updateUser = await prisma.user.update({`
			`where: {`
			`id: user.id,`
			`},`
			`data: {`
			`password: hashedPassword,`
			`},`
			`});`

			`res.status(200).json({message: 'Password updated successfully'});`
			`}`