Updated resetPassword controller to check if old password = new password

master
parent 7af8572672
commit 0f1e3affba

@ -146,8 +146,18 @@ module.exports.resetPassword = async (req, res) => {
// Get user ID from the JWT token passed in the authorization headers
const userId = req.user.id;
// Get the new password from the request body
const { newPassword } = req.body;
// Get the old and new passwords from the request body
const { oldPassword, newPassword } = req.body;
// Fetch the user from the database
const user = await User.findById(userId);
// Check if the old password is equal to the new password
const isOldPasswordEqual = await bcrypt.compare(oldPassword, user.password);
if (isOldPasswordEqual) {
return res.status(400).json({ error: "Old password should not be equal to the new password." });
}
// Hash the new password
const hashedPassword = await bcrypt.hash(newPassword, 10);
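Review bot: The added `bcrypt.compare(oldPassword, user.password)` tests whether the submitted old password matches the stored hash, not whether the new password repeats the old one. As written, a caller who supplies the correct current password gets the 400, while a request with a wrong `oldPassword` falls through to the hashing step. That inverts the current-password check and leaves password reuse unchecked. The handler should reject when `oldPassword` does not match, then compare `newPassword` against `user.password` for the reuse rule. Both values should also be confirmed to be strings first, since `bcrypt.compare` is called on them directly. The function body continues outside this hunk, so any surrounding try/catch or the save step is not visible here.

```javascript
const { oldPassword, newPassword } = req.body;
if (typeof oldPassword !== "string" || typeof newPassword !== "string") {
  return res.status(400).json({ error: "Old and new passwords are required." });
}
// … unchanged: fetch the user from the database …
// Require proof of the current password before allowing a change
const isOldPasswordCorrect = await bcrypt.compare(oldPassword, user.password);
if (!isOldPasswordCorrect) {
  return res.status(401).json({ error: "Old password is incorrect." });
}
// Reject reuse: the new password must not match the stored hash
const isNewPasswordSame = await bcrypt.compare(newPassword, user.password);
if (isNewPasswordSame) {
  return res.status(400).json({ error: "Old password should not be equal to the new password." });
}
// … unchanged: hash the new password …
```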
