cal.pub0.org/pages/api/auth/changepw.ts

import type { NextApiRequest, NextApiResponse } from "next";
import { hashPassword, verifyPassword } from "../../../lib/auth";
import { getSession } from "@lib/auth";
import prisma from "../../../lib/prisma";

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const session = await getSession({ req: req });

  if (!session) {
    res.status(401).json({ message: "Not authenticated" });
    return;
  }

  const user = await prisma.user.findFirst({
    where: {
      email: session.user.email,
    },
    select: {
      id: true,
      password: true,
    },
  });

  if (!user) {
    res.status(404).json({ message: "User not found" });
    return;
  }

  const oldPassword = req.body.oldPassword;
  const newPassword = req.body.newPassword;
  const currentPassword = user.password;

  const passwordsMatch = await verifyPassword(oldPassword, currentPassword);

  if (!passwordsMatch) {
    res.status(403).json({ message: "Incorrect password" });
    return;
  }

  const hashedPassword = await hashPassword(newPassword);

  await prisma.user.update({
    where: {
      id: user.id,
    },
    data: {
      password: hashedPassword,
    },
  });

  res.status(200).json({ message: "Password updated successfully" });
}
add type-safe `getSession()` (#486) * fix types for auth * implement safer to use `getSession` 2021-08-18 11:52:25 +00:00			`import type { NextApiRequest, NextApiResponse } from "next";`
			`import { hashPassword, verifyPassword } from "../../../lib/auth";`
			`import { getSession } from "@lib/auth";`
			`import prisma from "../../../lib/prisma";`
Add settings section 2021-04-07 15:03:02 +00:00
			`export default async function handler(req: NextApiRequest, res: NextApiResponse) {`
add linting in CI + fix lint errors (#473) * run `yarn lint --fix` * Revert "Revert "add linting to ci"" This reverts commit 0bbbbee4bea820343063cc407e13ac31b7f40ef7. * Fixed some errors * remove unused code - not sure why this was here? * assert env var * more type fixes * fix typings og gcal callback - needs testing * rename `md5.ts` to `md5.js` it is js. * fix types * fix types * fix lint errors * fix last lint error Co-authored-by: Alex van Andel <me@alexvanandel.com> 2021-08-19 12:27:01 +00:00			`const session = await getSession({ req: req });`

			`if (!session) {`
			`res.status(401).json({ message: "Not authenticated" });`
			`return;`
			`}`

			`const user = await prisma.user.findFirst({`
			`where: {`
			`email: session.user.email,`
			`},`
			`select: {`
			`id: true,`
			`password: true,`
			`},`
			`});`

			`if (!user) {`
			`res.status(404).json({ message: "User not found" });`
			`return;`
			`}`

			`const oldPassword = req.body.oldPassword;`
			`const newPassword = req.body.newPassword;`
			`const currentPassword = user.password;`

			`const passwordsMatch = await verifyPassword(oldPassword, currentPassword);`

			`if (!passwordsMatch) {`
			`res.status(403).json({ message: "Incorrect password" });`
			`return;`
			`}`

			`const hashedPassword = await hashPassword(newPassword);`

			`await prisma.user.update({`
			`where: {`
			`id: user.id,`
			`},`
			`data: {`
			`password: hashedPassword,`
			`},`
			`});`

			`res.status(200).json({ message: "Password updated successfully" });`
			`}`