add route to verify password and change password

Author: Kurtyjlee

peerprep-fe/src/app/profile/page.tsx

@@ -109,28 +109,38 @@ const ProfilePage = () => {
     }
 
     try {
+      const verifyResult = await axiosClient.post(
+        `/auth/verify-password/${user.id}`,
+        {
+          password: passwordData.currentPassword,
+        },
+      );
+
       const result = await axiosClient.patch(`/users/${user.id}`, {
         password: passwordData.newPassword,
       });
 
-      if (result.status === 200) {
-        setPasswordMessage({
-          type: 'success',
-          text: 'Password updated successfully',
-        });
+      // throw error if result is not 200
+      if (result.status !== 200) {
+        throw new Error(result.data.message);
+      }
 
-        // reset the fields
-        setPasswordData({
-          currentPassword: '',
-          newPassword: '',
-          confirmPassword: '',
-        });
+      setPasswordMessage({
+        type: 'success',
+        text: 'Password updated successfully',
+      });
 
-        // Clear message after 5 seconds
-        setTimeout(() => {
-          setPasswordMessage(null);
-        }, 5000);
-      }
+      // reset the fields
+      setPasswordData({
+        currentPassword: '',
+        newPassword: '',
+        confirmPassword: '',
+      });
+
+      // Clear message after 5 seconds
+      setTimeout(() => {
+        setPasswordMessage(null);
+      }, 5000);
     } catch (error: unknown) {
       const message =
         (error as { response?: { data?: { message?: string } } })?.response

user-service/controller/auth-controller.js

@@ -1,6 +1,7 @@
 import bcrypt from 'bcrypt';
 import jwt from 'jsonwebtoken';
 import { findUserByEmail as _findUserByEmail } from '../model/repository.js';
+import { findUserById as _findUserById } from '../model/repository.js';
 import { formatUserResponse } from './user-controller.js';
 
 export async function handleLogin(req, res) {
@@ -51,3 +52,44 @@ export async function handleVerifyToken(req, res) {
     return res.status(500).json({ message: err.message });
   }
 }
+
+/**
+ * Controller function to verify if the password is correct
+ * @param {} req
+ * @param {*} res
+ * @returns 200 if password is correct, 400 if missing id and/or password, 401 if user not found, 500 if error
+ */
+export async function verifyPassword(req, res) {
+  const { id } = req.params;
+  const { password } = req.body;
+  const verifiedUser = req.user;
+
+  console.log(id, password, verifiedUser);
+
+  if (!id) {
+    return res.status(400).json({ message: 'Missing id' });
+  }
+
+  if (!password) {
+    return res.status(400).json({ message: 'Missing password' });
+  }
+
+  // Only the owner of the account can verify the password
+  if (id !== verifiedUser.id) {
+    return res.status(401).json({ message: 'Unauthorized' });
+  }
+
+  // Getting the password from the database
+  const user = await _findUserById(id);
+
+  try {
+    const match = await bcrypt.compare(password, user.password);
+    if (!match) {
+      return res.status(401).json({ message: 'Wrong password' });
+    }
+
+    return res.status(200).json({ message: 'Password verified' });
+  } catch (err) {
+    return res.status(500).json({ message: err.message });
+  }
+}

user-service/routes/auth-routes.js

@@ -2,6 +2,7 @@ import express from 'express';
 import {
   handleLogin,
   handleVerifyToken,
+  verifyPassword,
 } from '../controller/auth-controller.js';
 import { handleGithubCallback } from '../controller/oauth-controller.js';
 import { verifyAccessToken } from '../middleware/basic-access-control.js';
@@ -14,4 +15,6 @@ router.get('/verify-token', verifyAccessToken, handleVerifyToken);
 
 router.get('/github/callback', handleGithubCallback);
 
+router.post('/verify-password/:id', verifyAccessToken, verifyPassword);
+
 export default router;