import { hashPassword } from "@calcom/features/auth/lib/hashPassword"; import { validPassword } from "@calcom/features/auth/lib/validPassword"; import { verifyPassword } from "@calcom/features/auth/lib/verifyPassword"; import { prisma } from "@calcom/prisma"; import { IdentityProvider } from "@calcom/prisma/enums"; import { TRPCError } from "@trpc/server"; import type { TrpcSessionUser } from "../../../trpc"; import type { TChangePasswordInputSchema } from "./changePassword.schema"; type ChangePasswordOptions = { ctx: { user: NonNullable; }; input: TChangePasswordInputSchema; }; export const changePasswordHandler = async ({ input, ctx }: ChangePasswordOptions) => { const { oldPassword, newPassword } = input; const { user } = ctx; if (user.identityProvider !== IdentityProvider.CAL) { throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" }); } const currentPasswordQuery = await prisma.user.findFirst({ where: { id: user.id, }, select: { password: true, }, }); const currentPassword = currentPasswordQuery?.password; if (!currentPassword) { throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" }); } const passwordsMatch = await verifyPassword(oldPassword, currentPassword); if (!passwordsMatch) { throw new TRPCError({ code: "BAD_REQUEST", message: "incorrect_password" }); } if (oldPassword === newPassword) { throw new TRPCError({ code: "BAD_REQUEST", message: "new_password_matches_old_password" }); } if (!validPassword(newPassword)) { throw new TRPCError({ code: "BAD_REQUEST", message: "password_hint_min" }); } const hashedPassword = await hashPassword(newPassword); await prisma.user.update({ where: { id: user.id, }, data: { password: hashedPassword, }, }); };