fix: minor tidying

feat: avoid updating password with existing password
feat: prevent a user from updating password with the same password
2023-08-30 14:01:30 +10:00 · 2023-08-30 03:26:24 +00:00 · 2023-08-30 03:22:47 +00:00 · 2023-08-30 03:09:40 +00:00
4 changed files with 21 additions and 7 deletions
--- a/apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx
+++ b/apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx
@@ -57,7 +57,7 @@ export const SigningFieldContainer = ({
      >
        <CardContent
          className={cn(
-            'text-foreground hover:shadow-primary-foreground group flex h-full w-full flex-col items-center justify-center p-2 dark:invert',
+            'text-foreground hover:shadow-primary-foreground group flex h-full w-full flex-col items-center justify-center p-2',
          )}
        >
          {!field.inserted && !loading && (
--- a/apps/web/src/components/forms/password.tsx
+++ b/apps/web/src/components/forms/password.tsx
@@ -39,6 +39,7 @@ export const PasswordForm = ({ className }: PasswordFormProps) => {
  const {
    register,
    handleSubmit,
+    reset,
    formState: { errors, isSubmitting },
  } = useForm<TPasswordFormSchema>({
    values: {
@@ -56,6 +57,8 @@ export const PasswordForm = ({ className }: PasswordFormProps) => {
        password,
      });

+      reset();
+
      toast({
        title: 'Password updated',
        description: 'Your password has been updated successfully.',
@@ -73,7 +76,7 @@ export const PasswordForm = ({ className }: PasswordFormProps) => {
          title: 'An unknown error occurred',
          variant: 'destructive',
          description:
-            'We encountered an unknown error while attempting to sign you In. Please try again later.',
+            'We encountered an unknown error while attempting to update your password. Please try again later.',
        });
      }
    }
--- a/packages/lib/server-only/user/update-password.ts
+++ b/packages/lib/server-only/user/update-password.ts
@@ -1,4 +1,4 @@
-import { hash } from 'bcrypt';
+import { compare, hash } from 'bcrypt';

 import { prisma } from '@documenso/prisma';

@@ -11,7 +11,7 @@ export type UpdatePasswordOptions = {

 export const updatePassword = async ({ userId, password }: UpdatePasswordOptions) => {
  // Existence check
-  await prisma.user.findFirstOrThrow({
+  const user = await prisma.user.findFirstOrThrow({
    where: {
      id: userId,
    },
@@ -19,6 +19,13 @@ export const updatePassword = async ({ userId, password }: UpdatePasswordOptions

  const hashedPassword = await hash(password, SALT_ROUNDS);

+  // Compare the new password with the old password
+  const isSamePassword = await compare(password, user.password as string);
+
+  if (isSamePassword) {
+    throw new Error('Your new password cannot be the same as your old password.');
+  }
+
  const updatedUser = await prisma.user.update({
    where: {
      id: userId,
--- a/packages/trpc/server/profile-router/router.ts
+++ b/packages/trpc/server/profile-router/router.ts
@@ -40,12 +40,16 @@ export const profileRouter = router({
          password,
        });
      } catch (err) {
-        console.error(err);
+        let message =
+          'We were unable to update your profile. Please review the information you provided and try again.';
+
+        if (err instanceof Error) {
+          message = err.message;
+        }

        throw new TRPCError({
          code: 'BAD_REQUEST',
-          message:
-            'We were unable to update your profile. Please review the information you provided and try again.',
+          message,
        });
      }
    }),
Author	SHA1	Message	Date
Mythie	d71e43c5d6	fix: minor tidying	2023-08-30 14:01:30 +10:00
Ephraim Atta-Duncan	ed6fa4dc2a	feat: avoid updating password with existing password	2023-08-30 03:26:24 +00:00
Ephraim Atta-Duncan	4f3970c361	feat: prevent a user from updating password with the same password	2023-08-30 03:22:47 +00:00
Ephraim Atta-Duncan	40767430d9	feat: reset password from on submit	2023-08-30 03:09:40 +00:00