From 3fd4a4c1b7364cb0b6ab033b4fc6a8c7ae8aa47d Mon Sep 17 00:00:00 2001
From: Antony Kurniawan <antonynugroho467@gmail.com>
Date: Thu, 9 Oct 2025 09:01:08 +0700
Subject: [PATCH] fix: change password

---
 controllers/users.controller.js | 24 ++++++++++++++++++------
 services/user.service.js        |  9 +++------
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/controllers/users.controller.js b/controllers/users.controller.js
index b8ed7ff..cc24712 100644
--- a/controllers/users.controller.js
+++ b/controllers/users.controller.js
@@ -2,7 +2,7 @@ const userService = require("../services/user.service");
 const { ErrorHandler } = require("../helpers/error");
 const { setResponse } = require("../helpers/utils");
 const Joi = require("joi");
-const { userSchema } = require("../helpers/validation");
+const { userSchema, newPasswordSchema } = require("../helpers/validation");
 
 class UserController {
   // Get all users
@@ -112,14 +112,26 @@ class UserController {
   // Change user password
   static async changePassword(req, res) {
     try {
-      const { id } = req.params;
-      const { new_password } = req.body;
+    const { new_password } = req.body;
+    const { id } = req.params;
 
-      if (!id || !new_password) {
-        throw new ErrorHandler(400, "user_id and new_password are required");
+    if (!id || !new_password) {
+      throw new ErrorHandler(400, "user_id and new_password are required");
+    }
+
+     const { error } = newPasswordSchema.validate({ new_password });
+
+      if (error) {
+        const errors = error.details.reduce((acc, cur) => {
+          const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
+          if (!acc[field]) acc[field] = [];
+          acc[field].push(cur.message);
+          return acc;
+        }, {});
+        return res.status(400).json(setResponse(errors, 'Validation failed', 400));
       }
 
-      const result = await userService.changeUserPassword(user_id, new_password);
+      const result = await userService.changeUserPassword(id, new_password);
       return res.status(200).json(setResponse(result, "Password changed successfully", 200));
     } catch (error) {
       return res
diff --git a/services/user.service.js b/services/user.service.js
index 1017a54..559b4c8 100644
--- a/services/user.service.js
+++ b/services/user.service.js
@@ -115,9 +115,6 @@ class UserService {
         ...(email && { user_email: email }),
         ...(phone && { user_phone: phone }),
         ...(role_id !== undefined && { role_id }),
-        ...(is_sa !== undefined && { is_sa }),
-        ...(is_active !== undefined && { is_active }),
-        ...(is_approve !== undefined && { is_approve }),
         ...(updatedById !== undefined && { updated_by: updatedById })
       };
 
@@ -163,10 +160,10 @@ class UserService {
   };
 
   // Change password
-  changeUserPassword = async (userId, newPassword) => {
+  changeUserPassword = async (user_Id, new_Password) => {
     try {
-      const hashedPassword = await hashPassword(newPassword);
-      await changeUserPasswordDb(userId, hashedPassword);
+      const hashedPassword = await hashPassword(new_Password);
+      await changeUserPasswordDb(user_Id, hashedPassword);
       return { message: "Password updated successfully" };
     } catch (error) {
       throw new ErrorHandler(error.statusCode || 500, error.message);