Hello GUYS!
Here is how we are going to write the "update password" controller together:
1. Grab the old and new passwords from the body.
2. Check that both the old and new passwords were actually passed in req.body.
3. Find the logged-in user. When a user logs in, we set the user id on req.user, so we can access it anywhere inside our controller.
4. Check that the old password matches the password in the database.
5. Avoid the findOneAndUpdate Mongoose method when updating the password. It writes the new value directly without hashing it, so we have to go through the pre-middleware called save instead: set the password on the user document and call save().
```js
// userModel, BadRequestError and UnauthenticatedError come from the project's
// own modules (their import paths are not shown in this post).
const updatePassword = async (req, res) => {
  const { oldPassword, newPassword } = req.body;
  if (!oldPassword || !newPassword) {
    throw new BadRequestError("Please Provide both values");
  }
  const user = await userModel.findOne({ _id: req.user.userId });
  if (!(await user.comparePassword(oldPassword))) {
    throw new UnauthenticatedError("Invalid Credentials");
  }
  // XX Please don't do it this way:
  // it updates the password directly, without hashing it
  // (query updates skip the pre("save") middleware).
  // const updated = await userModel.findOneAndUpdate(
  //   { _id: req.user.userId },
  //   { password: newPassword },
  //   { new: true }
  // );

  // Please do it this way: save() runs the pre("save") middleware
  user.password = newPassword;
  const updatedPassword = await user.save();
  res.status(201).json({ msg: "Success!" });
};
```
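Why the save() path matters, as an added example that is not code from the original post: a dependency-free stand-in for the model, showing that a query-style update stores the new password as-is while save() runs the hashing hook. The post does not show its schema or hook, so the `User` class, the scrypt hashing, the in-memory `store` and the sample passwords are all assumptions made for this illustration.

```javascript
const crypto = require("node:crypto");

// Constructed in-memory stand-in for a Mongoose model (NOT Mongoose itself):
// save() runs the pre-save hook, findOneAndUpdate() writes straight to storage.
const store = new Map();

function hashPassword(plain) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(plain, salt, 32);
  return `scrypt$${salt.toString("hex")}$${key.toString("hex")}`;
}

class User {
  constructor(id, password) {
    this.id = id;
    this.password = password;
    this.saved = null; // last persisted value, used for change tracking
  }
  // Same role as schema.pre("save"): hash only when the field changed,
  // otherwise an unrelated save would hash the stored hash again.
  preSave() {
    if (this.password !== this.saved) this.password = hashPassword(this.password);
  }
  save() {
    this.preSave();
    this.saved = this.password;
    store.set(this.id, this.password);
    return this;
  }
  comparePassword(candidate) {
    const [, saltHex, keyHex] = this.password.split("$");
    const expected = Buffer.from(keyHex, "hex");
    const actual = crypto.scryptSync(candidate, Buffer.from(saltHex, "hex"), expected.length);
    return crypto.timingSafeEqual(actual, expected);
  }
  // Query-style update: no document involved, so no pre-save hook and no hashing.
  static findOneAndUpdate(id, update) {
    store.set(id, update.password);
    return store.get(id);
  }
}

function demo() {
  const user = new User("u1", "old-Passw0rd").save(); // constructed sample passwords
  const viaQuery = User.findOneAndUpdate("u1", { password: "new-Passw0rd" });
  user.password = "new-Passw0rd";
  user.save();
  return { viaQuery, viaSave: store.get("u1"), matches: user.comparePassword("new-Passw0rd") };
}
```

Calling `demo()` returns the plaintext under `viaQuery` and a salted hash under `viaSave`, which is the difference between the two update paths in the controller.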
If you find it useful, don't forget to Like and Follow for more.