You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
943 B
33 lines
943 B
2 years ago
|
import { NotFoundError, AuthenticationError } from "blitz"
|
||
|
|
import { resolver } from "@blitzjs/rpc"
|
||
|
|
import { SecurePassword } from "@blitzjs/auth"
|
||
|
|
import db from "db"
|
||
|
|
import { authenticateUser } from "./login"
|
||
|
|
import { ChangePassword } from "../validations"
|
||
|
|
|
||
|
|
export default resolver.pipe(
|
||
|
|
resolver.zod(ChangePassword),
|
||
|
|
resolver.authorize(),
|
||
|
|
async ({ currentPassword, newPassword }, ctx) => {
|
||
|
|
const user = await db.user.findFirst({ where: { id: ctx.session.userId as number } })
|
||
|
|
if (!user) throw new NotFoundError()
|
||
|
|
|
||
|
|
try {
|
||
|
|
await authenticateUser(user.email, currentPassword)
|
||
|
|
} catch (error: any) {
|
||
|
|
if (error instanceof AuthenticationError) {
|
||
|
|
throw new Error("Invalid Password")
|
||
|
|
}
|
||
|
|
throw error
|
||
|
|
}
|
||
|
|
|
||
|
|
const hashedPassword = await SecurePassword.hash(newPassword.trim())
|
||
|
|
await db.user.update({
|
||
|
|
where: { id: user.id },
|
||
|
|
data: { hashedPassword },
|
||
|
|
})
|
||
|
|
|
||
|
|
return true
|
||
|
|
}
|
||
|
|
)
|