cal.pub0.org/pages/api/auth/changepw.ts

import type { NextApiRequest, NextApiResponse } from "next";

import { getSession } from "@lib/auth";

import { ErrorCode, hashPassword, verifyPassword } from "../../../lib/auth";
import prisma from "../../../lib/prisma";

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const session = await getSession({ req: req });

  if (!session) {
    res.status(401).json({ message: "Not authenticated" });
    return;
  }

  const user = await prisma.user.findFirst({
    where: {
      email: session.user.email,
    },
    select: {
      id: true,
      password: true,
    },
  });

  if (!user) {
    res.status(404).json({ message: "User not found" });
    return;
  }

  const oldPassword = req.body.oldPassword;
  const newPassword = req.body.newPassword;

  const currentPassword = user.password;
  if (!currentPassword) {
    return res.status(400).json({ error: ErrorCode.UserMissingPassword });
  }

  const passwordsMatch = await verifyPassword(oldPassword, currentPassword);
  if (!passwordsMatch) {
    return res.status(403).json({ error: ErrorCode.IncorrectPassword });
  }

  if (oldPassword === newPassword) {
    return res.status(400).json({ error: ErrorCode.NewPasswordMatchesOld });
  }

  const hashedPassword = await hashPassword(newPassword);
  await prisma.user.update({
    where: {
      id: user.id,
    },
    data: {
      password: hashedPassword,
    },
  });

  res.status(200).json({ message: "Password updated successfully" });
}
add type-safe `getSession()` (#486) * fix types for auth * implement safer to use `getSession` 2021-08-18 11:52:25 +00:00			`import type { NextApiRequest, NextApiResponse } from "next";`
Suggestion: let prettier sort imports order (#673) * Suggestion: let prettier sort imports order # Conflicts: # yarn.lock * AUTO SORT ALL THE IMPORTS * Linting * Fixes test 2021-09-22 19:52:38 +00:00
add type-safe `getSession()` (#486) * fix types for auth * implement safer to use `getSession` 2021-08-18 11:52:25 +00:00			`import { getSession } from "@lib/auth";`
Suggestion: let prettier sort imports order (#673) * Suggestion: let prettier sort imports order # Conflicts: # yarn.lock * AUTO SORT ALL THE IMPORTS * Linting * Fixes test 2021-09-22 19:52:38 +00:00
			`import { ErrorCode, hashPassword, verifyPassword } from "../../../lib/auth";`
add type-safe `getSession()` (#486) * fix types for auth * implement safer to use `getSession` 2021-08-18 11:52:25 +00:00			`import prisma from "../../../lib/prisma";`
Add settings section 2021-04-07 15:03:02 +00:00
			`export default async function handler(req: NextApiRequest, res: NextApiResponse) {`
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00			`const session = await getSession({ req: req });`

			`if (!session) {`
			`res.status(401).json({ message: "Not authenticated" });`
			`return;`
			`}`

			`const user = await prisma.user.findFirst({`
			`where: {`
			`email: session.user.email,`
			`},`
			`select: {`
			`id: true,`
			`password: true,`
			`},`
			`});`

			`if (!user) {`
			`res.status(404).json({ message: "User not found" });`
			`return;`
			`}`

			`const oldPassword = req.body.oldPassword;`
			`const newPassword = req.body.newPassword;`
Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00			`const currentPassword = user.password;`
Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00			`if (!currentPassword) {`
			`return res.status(400).json({ error: ErrorCode.UserMissingPassword });`
			`}`
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00
			`const passwordsMatch = await verifyPassword(oldPassword, currentPassword);`
			`if (!passwordsMatch) {`
Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00			`return res.status(403).json({ error: ErrorCode.IncorrectPassword });`
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00			`}`

Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00			`if (oldPassword === newPassword) {`
			`return res.status(400).json({ error: ErrorCode.NewPasswordMatchesOld });`
			`}`
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00
Add two-factor authentication (#692) Co-authored-by: Bailey Pumfleet <pumfleet@hey.com> 2021-09-21 09:29:20 +00:00			`const hashedPassword = await hashPassword(newPassword);`
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00			`await prisma.user.update({`
			`where: {`
			`id: user.id,`
			`},`
			`data: {`
			`password: hashedPassword,`
			`},`
			`});`

			`res.status(200).json({ message: "Password updated successfully" });`
			`}`