From 0f1e3affba3e0daf10f8f09afeefcd8bfb50ef8b Mon Sep 17 00:00:00 2001
From: patrickjieraldjuan
Date: Sun, 28 Jan 2024 12:12:59 +0800
Subject: [PATCH] Updated resetPassword controller to check if old password = new password
---
 controllers/userControllers.js | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/controllers/userControllers.js b/controllers/userControllers.js
index 0c48437..d38542e 100644
--- a/controllers/userControllers.js
+++ b/controllers/userControllers.js
@@ -146,8 +146,18 @@ module.exports.resetPassword = async (req, res) => {
 // Get user ID from the JWT token passed in the authorization headers
 const userId = req.user.id;

- // Get the new password from the request body
- const { newPassword } = req.body;
+ // Get the old and new passwords from the request body
+ const { oldPassword, newPassword } = req.body;
+
+ // Fetch the user from the database
+ const user = await User.findById(userId);
+
+ // Check if the old password is equal to the new password
+ const isOldPasswordEqual = await bcrypt.compare(oldPassword, user.password);
+
+ if (isOldPasswordEqual) {
+ return res.status(400).json({ error: "Old password should not be equal to the new password." });
+ }

 // Hash the new password
 const hashedPassword = await bcrypt.hash(newPassword, 10);
@@ -179,4 +189,4 @@ module.exports.updateProfile = async (req, res) => {
 console.error(error);
 res.status(500).json({ error: 'Internal Server Error' });
 }
-};
\ No newline at end of file
+};
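Review bot: The added check in `resetPassword` passes `oldPassword` to `bcrypt.compare` against the stored hash and returns 400 when they match, so a caller who supplies the correct current password is rejected while any other string falls through to the hashing step. `newPassword` is never compared with `user.password`, so the reuse condition named in the error message is not tested, and the current password is never actually required: a valid JWT alone appears to be enough to replace it. `User.findById` can also return null, and a missing `oldPassword` makes `bcrypt.compare` reject; the enclosing function starts and ends outside the hunk, so presumably a try/catch turns both into a 500 rather than a clear 4xx. The fence below validates the inputs, verifies the current password first, and only then rejects a new password that matches the stored hash.

```javascript
const { oldPassword, newPassword } = req.body;

// Reject missing or non-string values before they reach bcrypt
if (typeof oldPassword !== 'string' || typeof newPassword !== 'string') {
  return res.status(400).json({ error: "oldPassword and newPassword are required." });
}

const user = await User.findById(userId);
if (!user) {
  return res.status(404).json({ error: "User not found." });
}

// The caller must prove knowledge of the current password
const isCurrentPasswordValid = await bcrypt.compare(oldPassword, user.password);
if (!isCurrentPasswordValid) {
  return res.status(403).json({ error: "Current password is incorrect." });
}

// Compare the NEW password with the stored hash to detect reuse
const isSamePassword = await bcrypt.compare(newPassword, user.password);
if (isSamePassword) {
  return res.status(400).json({ error: "Old password should not be equal to the new password." });
}

// … unchanged: hash the new password …
```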