fix(user): add checks for change password (#3078)

Co-authored-by: Rachit Naithani <81706961+racnan@users.noreply.github.com>
2025-11-02 21:07:58 +08:00 · 2023-12-07 16:17:46 +05:30
parent 585e00980c
commit 26a261131b
4 changed files with 21 additions and 23 deletions
--- a/crates/router/src/core/user.rs
+++ b/crates/router/src/core/user.rs
@ -232,10 +232,16 @@ pub async fn change_password(
            .change_context(UserErrors::InternalServerError)?
            .into();

-    user.compare_password(request.old_password)
+    user.compare_password(request.old_password.to_owned())
        .change_context(UserErrors::InvalidOldPassword)?;

-    let new_password_hash = utils::user::password::generate_password_hash(request.new_password)?;
+    if request.old_password == request.new_password {
+        return Err(UserErrors::ChangePasswordError.into());
+    }
+    let new_password = domain::UserPassword::new(request.new_password)?;
+
+    let new_password_hash =
+        utils::user::password::generate_password_hash(new_password.get_secret())?;

    let _ = UserInterface::update_user_by_user_id(
        &*state.store,