cal.pub0.org/packages/trpc/server/routers/viewer/auth.tsx

94 lines
2.5 KiB
TypeScript

import { IdentityProvider } from "@prisma/client";
import { z } from "zod";
import { hashPassword } from "@calcom/features/auth/lib/hashPassword";
import { validPassword } from "@calcom/features/auth/lib/validPassword";
import { verifyPassword } from "@calcom/features/auth/lib/verifyPassword";
import prisma from "@calcom/prisma";
import { TRPCError } from "@trpc/server";
import { router, authedProcedure } from "../../trpc";
export const authRouter = router({
changePassword: authedProcedure
.input(
z.object({
oldPassword: z.string(),
newPassword: z.string(),
})
)
.mutation(async ({ input, ctx }) => {
const { oldPassword, newPassword } = input;
const { user } = ctx;
if (user.identityProvider !== IdentityProvider.CAL) {
throw new TRPCError({ code: "FORBIDDEN", message: "THIRD_PARTY_IDENTITY_PROVIDER_ENABLED" });
}
const currentPasswordQuery = await prisma.user.findFirst({
where: {
id: user.id,
},
select: {
password: true,
},
});
const currentPassword = currentPasswordQuery?.password;
if (!currentPassword) {
throw new TRPCError({ code: "NOT_FOUND", message: "MISSING_PASSWORD" });
}
const passwordsMatch = await verifyPassword(oldPassword, currentPassword);
if (!passwordsMatch) {
throw new TRPCError({ code: "BAD_REQUEST", message: "incorrect_password" });
}
if (oldPassword === newPassword) {
throw new TRPCError({ code: "BAD_REQUEST", message: "new_password_matches_old_password" });
}
if (!validPassword(newPassword)) {
throw new TRPCError({ code: "BAD_REQUEST", message: "password_hint_min" });
}
const hashedPassword = await hashPassword(newPassword);
await prisma.user.update({
where: {
id: user.id,
},
data: {
password: hashedPassword,
},
});
}),
verifyPassword: authedProcedure
.input(
z.object({
passwordInput: z.string(),
})
)
.mutation(async ({ input, ctx }) => {
const user = await prisma.user.findUnique({
where: {
id: ctx.user.id,
},
});
if (!user?.password) {
throw new TRPCError({ code: "INTERNAL_SERVER_ERROR" });
}
const passwordsMatch = await verifyPassword(input.passwordInput, user.password);
if (!passwordsMatch) {
throw new TRPCError({ code: "UNAUTHORIZED" });
}
return;
}),
});