makearmy/makearmy-app
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

change password bug fix

Browse source
This commit is contained in:
makearmy 2025-09-30 22:45:42 -04:00
parent 6abe450f1d
commit d090ff44f2
1 changed files with 15 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

29
app/api/account/password/route.ts
View file

@ -18,8 +18,8 @@ async function handle(req: Request) {
if (!current || !next) return bad("Missing current and/or new password"); if (!current || !next) return bad("Missing current and/or new password");
if (next.length < 8) return bad("Password must be at least 8 characters"); if (next.length < 8) return bad("Password must be at least 8 characters");
// 1) Load the current user to get email + provider // 1) Load current user to get provider + identifiers
const meRes = await fetch(`${API}/users/me?fields=id,email,provider`, { const meRes = await fetch(`${API}/users/me?fields=id,email,username,provider`, {
headers: { Authorization: `Bearer ${bearer}`, Accept: "application/json" }, headers: { Authorization: `Bearer ${bearer}`, Accept: "application/json" },
cache: "no-store", cache: "no-store",
}); });
@ -31,15 +31,9 @@ async function handle(req: Request) {
); );
} }
const email: string | undefined = me?.data?.email ?? me?.email;
const provider: string = me?.data?.provider ?? me?.provider ?? "local"; const provider: string = me?.data?.provider ?? me?.provider ?? "local";
const email: string | undefined = me?.data?.email ?? me?.email ?? undefined;
if (!email) { const username: string | undefined = me?.data?.username ?? me?.username ?? undefined;
return NextResponse.json(
{ error: "User email not available", debug: "users/me returned no email" },
{ status: 400 }
);
}
if (provider !== "local") { if (provider !== "local") {
return NextResponse.json( return NextResponse.json(
@ -48,15 +42,22 @@ async function handle(req: Request) {
); );
} }
// 2) Verify the CURRENT password by logging in to Directus // 2) Verify CURRENT password by logging in with email OR username
const auth = await loginDirectus(email, current).catch(() => null); const identifier = email || username;
if (!identifier) {
return NextResponse.json(
{ error: "No login identifier available for this user", debug: "missing email and username" },
{ status: 400 }
);
}
const auth = await loginDirectus(identifier, current).catch(() => null);
const access = auth?.access_token ?? auth?.data?.access_token; const access = auth?.access_token ?? auth?.data?.access_token;
if (!access) { if (!access) {
// Weve confirmed the “current” really doesnt match
return NextResponse.json({ error: "Current password is incorrect" }, { status: 401 }); return NextResponse.json({ error: "Current password is incorrect" }, { status: 401 });
} }
// 3) Update password using ONLY the 'password' field (avoid non-existent keys) // 3) Update password using ONLY the 'password' field
const patchRes = await fetch(`${API}/users/me`, { const patchRes = await fetch(`${API}/users/me`, {
method: "PATCH", method: "PATCH",
headers: { headers: {