feat : New transaction password can't be old trans password and current login password.

chore: add message format.

src/controllers/auth.controller.js

@@ -244,6 +244,24 @@ async function setTransPassword(req, res) {
     const user = await authService.findUserByCustomerNo(customerNo);
     if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
     const { transaction_password } = req.body;
+    // if (user.transaction_password) {
+    //   const isMatchWithOldPassword = await comparePassword(
+    //     transaction_password,
+    //     user.transaction_password
+    //   );
+    //   if (isMatchWithOldPassword)
+    //     return res.status(500).json({
+    //       error: 'New transaction Password will be different from Previous Password',
+    //     });
+    // }
+    const isMatchWithLoginPassword = await comparePassword(
+      transaction_password,
+      user.password_hash
+    );
+    if (isMatchWithLoginPassword)
+      return res.status(500).json({
+        error: 'New transaction Password will be different from Login Password',
+      });
     authService.setTransactionPassword(customerNo, transaction_password);
     return res.json({ message: 'Transaction Password set' });
   } catch (error) {
@@ -308,6 +326,14 @@ async function changeTransPassword(req, res) {
         error:
           'New Transaction Password will be different from Previous Transaction Password',
       });
+    const isMatchWithLoginPassword = await comparePassword(
+      newTPsw,
+      user.password_hash
+    );
+    if (isMatchWithLoginPassword)
+      return res.status(500).json({
+        error: 'New transaction Password will be different from Login Password',
+      });
     authService.changeTransPassword(customerNo, newTPsw);
     return res.json({
       message: 'New Transaction Password changed successfully',

src/controllers/otp.controller.js

@@ -114,6 +114,12 @@ async function SendOtp(req, res) {
       case 'TLIMIT_SET':
         message = templates.TLIMIT_SET(amount);
         break;
+      case 'LPWORD_CHANGE':
+        message = templates.LPWORD_CHANGE;
+        break;
+      case 'TPWORD_CHANGE':
+        message = templates.TPWORD_CHANGE;
+        break;
       default:
         return res.status(400).json({ error: 'Invalid OTP type' });
     }
@@ -194,6 +200,7 @@ async function sendForSetPassword(req, res) {
       }
     );
     await setJson(`otp:${mobileNumber}`, otp, 300);
+    logger.info(`Sent OTP [${otp}] to ${mobileNumber}`);
     return res.status(200).json({ message: 'OTP_SENT' });
   } catch (err) {
     logger.error(err, 'Error sending OTP');

src/util/sms_template.js

@@ -54,11 +54,17 @@ const templates = {
   USERNAME_SAVED: (PreferName) =>
     `Dear Customer, Your Preferred Name -${PreferName}  has been updated successfully. If this change was not made by you, please contact our support team immediately.`,
 
-  TLIMIT :(otp) =>
+  TLIMIT: (otp) =>
     `Dear Customer,Please complete the transaction limit set with OTP -${otp}. -KCCB`,
 
-  TLIMIT_SET :(amount) =>
+  TLIMIT_SET: (amount) =>
     `Dear Customer,Your transaction limit for Internet Banking is set to Rs ${amount}. -KCCB`,
+
+  LPWORD_CHANGE:
+    `Dear Customer, Your Login password has been successfully updated. If you did not initiate this, please contact your nearest branch immediately. -KCCB`,
+
+  TPWORD_CHANGE: 
+    `Dear Customer, Your transaction password has been successfully updated. If you did not initiate this, please contact your nearest branch immediately. -KCCB`,
 };
 
 module.exports = templates;