cal.pub0.org/packages/trpc/server/routers/viewer/auth.tsx

import { IdentityProvider } from "@prisma/client";
import { z } from "zod";

import { hashPassword, verifyPassword, validPassword } from "@calcom/lib/auth";
import prisma from "@calcom/prisma";

import { TRPCError } from "@trpc/server";

import { createProtectedRouter } from "../../createRouter";

export const authRouter = createProtectedRouter().mutation("changePassword", {
  input: z.object({
    oldPassword: z.string(),
    newPassword: z.string(),
  }),
  async resolve({ input, ctx }) {
    const { oldPassword, newPassword } = input;

    const { user } = ctx;

    if (user.identityProvider !== IdentityProvider.CAL) {
      throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });
    }

    const currentPasswordQuery = await prisma.user.findFirst({
      where: {
        id: user.id,
      },
      select: {
        password: true,
      },
    });

    const currentPassword = currentPasswordQuery?.password;

    if (!currentPassword) {
      throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });
    }

    const passwordsMatch = await verifyPassword(oldPassword, currentPassword);
    if (!passwordsMatch) {
      throw new TRPCError({ code: "BAD_REQUEST", message: "INCORRECT_PASSWORD" });
    }

    if (oldPassword === newPassword) {
      throw new TRPCError({ code: "BAD_REQUEST", message: "PASSWORD_MATCHES_OLD" });
    }

    if (!validPassword(newPassword)) {
      throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" });
    }

    const hashedPassword = await hashPassword(newPassword);
    await prisma.user.update({
      where: {
        id: user.id,
      },
      data: {
        password: hashedPassword,
      },
    });
  },
});
V2 Settings - Security View (#4018) * Create change password screen * Add two factor auth screen * Add two factor auth screen * Remove header file * Updates middleware and rewrites * Adds Meta component to handle layout headings/metadata (#4021) Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: zomars <zomars@me.com> 2022-08-30 19:46:52 +00:00			`import { IdentityProvider } from "@prisma/client";`
			`import { z } from "zod";`

			`import { hashPassword, verifyPassword, validPassword } from "@calcom/lib/auth";`
			`import prisma from "@calcom/prisma";`

			`import { TRPCError } from "@trpc/server";`

			`import { createProtectedRouter } from "../../createRouter";`

			`export const authRouter = createProtectedRouter().mutation("changePassword", {`
			`input: z.object({`
			`oldPassword: z.string(),`
			`newPassword: z.string(),`
			`}),`
			`async resolve({ input, ctx }) {`
			`const { oldPassword, newPassword } = input;`

			`const { user } = ctx;`

			`if (user.identityProvider !== IdentityProvider.CAL) {`
			`throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });`
			`}`

			`const currentPasswordQuery = await prisma.user.findFirst({`
			`where: {`
			`id: user.id,`
			`},`
			`select: {`
			`password: true,`
			`},`
			`});`

			`const currentPassword = currentPasswordQuery?.password;`

			`if (!currentPassword) {`
			`throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });`
			`}`

			`const passwordsMatch = await verifyPassword(oldPassword, currentPassword);`
			`if (!passwordsMatch) {`
			`throw new TRPCError({ code: "BAD_REQUEST", message: "INCORRECT_PASSWORD" });`
			`}`

			`if (oldPassword === newPassword) {`
			`throw new TRPCError({ code: "BAD_REQUEST", message: "PASSWORD_MATCHES_OLD" });`
			`}`

			`if (!validPassword(newPassword)) {`
			`throw new TRPCError({ code: "BAD_REQUEST", message: "INVALID_PASSWORD" });`
			`}`

			`const hashedPassword = await hashPassword(newPassword);`
			`await prisma.user.update({`
			`where: {`
			`id: user.id,`
			`},`
			`data: {`
			`password: hashedPassword,`
			`},`
			`});`
			`},`
			`});`