authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-10-09 12:53:52 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-10-09 12:53:52 +0200
commit0fd47815ebe94149102aaaf969b25f8b01c34e7e (patch)
tree3e4f826b4c2c73e0b3cb940b828a7ce5f1ee6f96 /api
parent:bug: fix cdn (diff)
:bug: fix password changing
Diffstat (limited to 'api')
-rw-r--r--api/src/routes/users/@me/index.ts26
1 files changed, 22 insertions, 4 deletions
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index f6bb04d7..c5f490d3 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,6 +1,7 @@
 import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
 import { route } from "@fosscord/api";
+import bcrypt from "bcrypt";
 
 const router: Router = Router();
 
@@ -32,10 +33,27 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 	if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string);
 	if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string);
 
-	await new User({ ...body, id: req.user_id }).save();
-
-	//Need to reload user from db due to https://github.com/typeorm/typeorm/issues/3490
 	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection });
+
+	if (body.password) {
+		const same_password = await bcrypt.compare(body.password, user.data.hash || "");
+		if (!same_password) {
+			throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } });
+		}
+	}
+
+	user.assign(body);
+
+	if (body.new_password) {
+		if (!body.password && !user.email) {
+			throw FieldErrors({
+				password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
+			});
+		}
+		user.data.hash = await bcrypt.hash(body.new_password, 12);
+	}
+
+	await user.save();
 	// TODO: send update member list event in gateway
 	await emitEvent({
 		event: "USER_UPDATE",
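Review bot: A PATCH that carries `new_password` but no `password` still reaches `bcrypt.hash` for any account that has an email, because the guard `!body.password && !user.email` rejects a missing current password only for accounts without an email, and the `bcrypt.compare` block above it is skipped when `body.password` is empty. Anyone holding a valid session token can then replace the password without knowing the current one, so the guard should require the current password whenever a hash is already stored, for example `if (!body.password && user.data.hash) {`. `user.assign(body)` also runs before this check and copies the request's `password` and `new_password` fields onto the entity; what `assign` and `UserModifySchema` allow is not visible here, so it is worth confirming that neither field can be persisted in clear text by `user.save()`. The handler starts and ends outside this hunk.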