diff --git a/server/src/auth/dto/passwd-check.dto.ts b/server/src/auth/dto/passwd-check.dto.ts
new file mode 100644
index 0000000000..ef829b7b06
--- /dev/null
+++ b/server/src/auth/dto/passwd-check.dto.ts
@@ -0,0 +1,13 @@
+import { ApiProperty } from '@nestjs/swagger'
+import { IsNotEmpty, IsString, Length } from 'class-validator'
+
+export class PasswdCheckDto {
+ @ApiProperty({
+ description: 'username | phone | email',
+ example: 'laf-user | 13805718888 | laf-user@laf.com',
+ })
+ @IsString()
+ @IsNotEmpty()
+ @Length(3, 64)
+ username: string
+}
diff --git a/server/src/auth/user-passwd/user-password.controller.ts b/server/src/auth/user-passwd/user-password.controller.ts
index 1cfa923fda..bcbf1090b7 100644
--- a/server/src/auth/user-passwd/user-password.controller.ts
+++ b/server/src/auth/user-passwd/user-password.controller.ts
@@ -9,8 +9,7 @@ import { PasswdSigninDto } from '../dto/passwd-signin.dto'
 import { AuthBindingType, AuthProviderBinding } from '../types'
 import { SmsService } from '../phone/sms.service'
 import { PasswdResetDto } from '../dto/passwd-reset.dto'
-import { IRequest } from 'src/utils/interface'
-import { PASSWORD_AUTH_PROVIDER_NAME } from 'src/constants'
+import { PasswdCheckDto } from '../dto/passwd-check.dto'
 @ApiTags('Authentication - New')
 @Controller('auth')
@@ -102,7 +101,7 @@ export class UserPasswordController {
 @ApiOperation({ summary: 'Reset password' })
 @ApiResponse({ type: ResponseUtil })
 @Post('passwd/reset')
- async reset(@Body() dto: PasswdResetDto, @Req() req: IRequest) {
+ async reset(@Body() dto: PasswdResetDto) {
 // valid phone code
 const { phone, code, type } = dto
 let err = await this.smsService.validCode(phone, code, type)
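Review bot: In `reset`, the `type` passed to `validCode(phone, code, type)` comes from the request body, and with `@Req() req` removed the handler no longer depends on `req.user`, so the SMS code is the sole proof of account ownership. Unless `PasswdResetDto` restricts `type` to the reset-password value (the DTO is not part of this diff), a code issued for a different flow could be accepted here; passing the reset-password type as a server-side constant instead of `dto.type` closes that gap. Whether `validCode` consumes the code on success and caps attempts per phone is not visible and is worth confirming. The body of `reset` continues in the next hunk.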
@@ -110,12 +109,37 @@ export class UserPasswordController {
 return ResponseUtil.error(err)
 }
+ // find user by phone
+ const user = await this.userService.findByPhone(phone)
+ if (!user) {
+ return ResponseUtil.error('user not found')
+ }
+
 // reset password
- err = await this.passwdService.resetPasswd(req.user.id, dto.password)
+ err = await this.passwdService.resetPasswd(user.id, dto.password)
 if (err) {
 return ResponseUtil.error(err)
 }
 return ResponseUtil.ok('success')
 }
+
+ /**
+ * Check if user-password is set
+ */
+ @ApiOperation({ summary: 'Check if user-password is set' })
+ @ApiResponse({ type: ResponseUtil })
+ @Post('passwd/check')
+ async check(@Body() dto: PasswdCheckDto) {
+ const { username } = dto
+ // check if user exists
+ const user = await this.userService.find(username)
+ if (!user) {
+ return ResponseUtil.error('user not found')
+ }
+ // find if set password
+ const hasPasswd = await this.passwdService.hasPasswd(user.id)
+
+ return ResponseUtil.ok(hasPasswd)
+ }
 }
diff --git a/server/src/auth/user-passwd/user-password.service.ts b/server/src/auth/user-passwd/user-password.service.ts
index fee0889215..0e43bb606b 100644
--- a/server/src/auth/user-passwd/user-password.service.ts
+++ b/server/src/auth/user-passwd/user-password.service.ts
@@ -66,6 +66,12 @@ export class UserPasswordService {
 async resetPasswd(uid: string, passwd: string) {
 // start transaction
 const update = await this.prisma.$transaction(async (tx) => {
+ // disable old password
+ await tx.userPassword.updateMany({
+ where: { uid },
+ data: { state: UserPasswordState.Inactive },
+ })
+
 // create new password
 const np = await tx.userPassword.create({
 data: {
@@ -75,12 +81,6 @@ export class UserPasswordService {
 },
 })
- // disable old password
- await tx.userPassword.updateMany({
- where: { uid },
- data: { state: UserPasswordState.Inactive },
- })
-
 return np
 })
 if (!update) {
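Review bot: `check` returns `'user not found'` for an unknown identifier and `ok(true|false)` for a known one, and no guard is visible on the handler, so the responses reveal which usernames, phone numbers or e-mail addresses are registered and which accounts have a password set. If the client only needs to choose a sign-in form, answer unknown identifiers the same way as accounts without a password, `if (!user) return ResponseUtil.ok(false)`, and put the route behind request throttling. The `'user not found'` branch added to `reset` is reached only after the SMS code has been accepted, so it leaks less, but it could return the same generic failure as the other error paths.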
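Review bot: The order of the two statements inside the `$transaction` callback now matters for correctness, and nothing in the code says so: `updateMany` filters on `uid` alone, so if it ran after `create` it would also match the row just created. A comment on the moved block would keep a later refactor from swapping them back, e.g. `// must run before create(): the filter matches every row for this uid, including a new one`. This covers the `@@ -66,6 +66,12 @@` hunk and the `@@ -75,12 +81,6 @@` hunk, which are two halves of the same move; `resetPasswd` starts and ends outside both.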
@@ -89,4 +89,12 @@ export class UserPasswordService {
 return null
 }
+
+ // check if set password
+ async hasPasswd(uid: string) {
+ const userPasswd = await this.prisma.userPassword.findFirst({
+ where: { uid, state: UserPasswordState.Active },
+ })
+ return userPasswd ? true : false // true means has password
+ }
 }
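Review bot: `hasPasswd` loads the whole `userPassword` row only to test for existence, which presumably pulls the stored credential into memory for no reason; the `findFirst` call can be narrowed with `select: { uid: true }`. The ternary can be replaced by `return userPasswd !== null`, and the method would read better with an explicit `Promise<boolean>` return type. A TSDoc line stating that only rows in `UserPasswordState.Active` count could replace the trailing `// true means has password` comment.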