fix: change password

controllers/users.controller.js

@@ -2,7 +2,7 @@ const userService = require("../services/user.service");
 const { ErrorHandler } = require("../helpers/error");
 const { setResponse } = require("../helpers/utils");
 const Joi = require("joi");
-const { userSchema } = require("../helpers/validation");
+const { userSchema, newPasswordSchema } = require("../helpers/validation");
 
 class UserController {
   // Get all users
@@ -112,14 +112,26 @@ class UserController {
   // Change user password
   static async changePassword(req, res) {
     try {
-      const { id } = req.params;
-      const { new_password } = req.body;
+    const { new_password } = req.body;
+    const { id } = req.params;
 
-      if (!id || !new_password) {
-        throw new ErrorHandler(400, "user_id and new_password are required");
+    if (!id || !new_password) {
+      throw new ErrorHandler(400, "user_id and new_password are required");
+    }
+
+     const { error } = newPasswordSchema.validate({ new_password });
+
+      if (error) {
+        const errors = error.details.reduce((acc, cur) => {
+          const field = Array.isArray(cur.path) ? cur.path.join('.') : String(cur.path);
+          if (!acc[field]) acc[field] = [];
+          acc[field].push(cur.message);
+          return acc;
+        }, {});
+        return res.status(400).json(setResponse(errors, 'Validation failed', 400));
       }
 
-      const result = await userService.changeUserPassword(user_id, new_password);
+      const result = await userService.changeUserPassword(id, new_password);
       return res.status(200).json(setResponse(result, "Password changed successfully", 200));
     } catch (error) {
       return res

helpers/validation.js

@@ -32,6 +32,19 @@ const loginSchema = Joi.object({
   captcha: Joi.string().required(),
   captchaText: Joi.string().required()
 });
+const newPasswordSchema = Joi.object({
+  new_password: Joi.string()
+    .min(8)
+    .pattern(/[A-Z]/, 'uppercase letter')
+    .pattern(/[a-z]/, 'lowercase letter')
+    .pattern(/\d/, 'number')
+    .pattern(/[!@#$%^&*(),.?":{}|<>]/, 'special character')
+    .required()
+    .messages({
+      'string.min': 'Password must be at least 8 characters long',
+      'string.pattern.name': 'Password must contain at least one {#name}'
+    })
+})
 
 // ========================
 // Device Validation
@@ -94,6 +107,7 @@ const userSchema = Joi.object({
 module.exports = {
   registerSchema,
   loginSchema,
+  newPasswordSchema,
   deviceSchema,
   deviceUpdateSchema,
   userSchema,

services/user.service.js

@@ -115,9 +115,6 @@ class UserService {
         ...(email && { user_email: email }),
         ...(phone && { user_phone: phone }),
         ...(role_id !== undefined && { role_id }),
-        ...(is_sa !== undefined && { is_sa }),
-        ...(is_active !== undefined && { is_active }),
-        ...(is_approve !== undefined && { is_approve }),
         ...(updatedById !== undefined && { updated_by: updatedById })
       };
 
@@ -163,10 +160,10 @@ class UserService {
   };
 
   // Change password
-  changeUserPassword = async (userId, newPassword) => {
+  changeUserPassword = async (user_Id, new_Password) => {
     try {
-      const hashedPassword = await hashPassword(newPassword);
-      await changeUserPasswordDb(userId, hashedPassword);
+      const hashedPassword = await hashPassword(new_Password);
+      await changeUserPasswordDb(user_Id, hashedPassword);
       return { message: "Password updated successfully" };
     } catch (error) {
       throw new ErrorHandler(error.statusCode || 500, error.message);