fix admin reset password

Peppermint-Lab · Apr 4, 2024 · e40526a · e40526a
1 parent a0f66b0
commit e40526a
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 3 deletions.
diff --git a/apps/api/src/controllers/auth.ts b/apps/api/src/controllers/auth.ts
@@ -590,6 +590,57 @@ export function authRoutes(fastify: FastifyInstance) {
  }
  );
 
+ // Reset password by admin
+ fastify.post(
+ "/api/v1/auth/admin/reset-password",
+ async (request: FastifyRequest, reply: FastifyReply) => {
+ let { password, user } = request.body as {
+ password: string;
+ user: string;
+ };
+
+ console.log(user);
+
+ const bearer = request.headers.authorization!.split(" ")[1];
+ const token = checkToken(bearer);
+
+ if (token) {
+ let session = await prisma.session.findUnique({
+ where: {
+ sessionToken: bearer,
+ },
+ });
+
+ const check = await prisma.user.findUnique({
+ where: { id: session?.userId },
+ });
+
+ if (check?.isAdmin === false) {
+ reply.code(401).send({
+ message: "Unauthorized",
+ });
+ }
+
+ const hashedPass = await bcrypt.hash(password, 10);
+
+ await prisma.user.update({
+ where: { id: user },
+ data: {
+ password: hashedPass,
+ },
+ });
+
+ reply.send({
+ success: true,
+ });
+ } else {
+ reply.send({
+ success: false,
+ });
+ }
+ }
+ );
+
  // Update a users profile/config
  fastify.put(
  "/api/v1/auth/profile",

diff --git a/apps/client/components/ResetPassword/index.js b/apps/client/components/ResetPassword/index.js
@@ -4,29 +4,30 @@ import { notifications } from "@mantine/notifications";
 import { getCookie } from "cookies-next";
 import React, { Fragment, useState } from "react";
 
-export default function ResetPassword() {
+export default function ResetPassword({ user }) {
  const [open, setOpen] = useState(false);
  const [password, setPassword] = useState("");
  const [check, setCheck] = useState("");
 
  const postData = async () => {
  if (check === password && password.length > 3) {
- await fetch(`/api/v1/auth/reset-password`, {
+ await fetch(`/api/v1/auth/admin/reset-password`, {
  method: "POST",
  headers: {
  "Content-Type": "application/json",
  Authorization: "Bearer " + getCookie("session"),
  },
  body: JSON.stringify({
  password,
+ user: user.id,
  }),
  })
  .then((res) => res.json())
  .then((res) => {
  if (res.success) {
  notifications.show({
  title: "Success",
- message: `Password updated :)`,
+ message: `Password updated`,
  color: "green",
  autoClose: 5000,
  });