feat : New transaction password can't be old trans password and current login password.

chore: add message format.
2026-01-20 15:37:37 +05:30
parent b1cf06ef08
commit 785db2c8a4
3 changed files with 42 additions and 3 deletions
--- a/src/controllers/auth.controller.js
+++ b/src/controllers/auth.controller.js
@@ -244,6 +244,24 @@ async function setTransPassword(req, res) {
    const user = await authService.findUserByCustomerNo(customerNo);
    if (!user) return res.status(404).json({ error: 'USER_NOT_FOUND' });
    const { transaction_password } = req.body;
+    // if (user.transaction_password) {
+    //   const isMatchWithOldPassword = await comparePassword(
+    //     transaction_password,
+    //     user.transaction_password
+    //   );
+    //   if (isMatchWithOldPassword)
+    //     return res.status(500).json({
+    //       error: 'New transaction Password will be different from Previous Password',
+    //     });
+    // }
+    const isMatchWithLoginPassword = await comparePassword(
+      transaction_password,
+      user.password_hash
+    );
+    if (isMatchWithLoginPassword)
+      return res.status(500).json({
+        error: 'New transaction Password will be different from Login Password',
+      });
    authService.setTransactionPassword(customerNo, transaction_password);
    return res.json({ message: 'Transaction Password set' });
  } catch (error) {
@@ -308,6 +326,14 @@ async function changeTransPassword(req, res) {
        error:
          'New Transaction Password will be different from Previous Transaction Password',
      });
+    const isMatchWithLoginPassword = await comparePassword(
+      newTPsw,
+      user.password_hash
+    );
+    if (isMatchWithLoginPassword)
+      return res.status(500).json({
+        error: 'New transaction Password will be different from Login Password',
+      });
    authService.changeTransPassword(customerNo, newTPsw);
    return res.json({
      message: 'New Transaction Password changed successfully',
--- a/src/controllers/otp.controller.js
+++ b/src/controllers/otp.controller.js
@@ -114,6 +114,12 @@ async function SendOtp(req, res) {
      case 'TLIMIT_SET':
        message = templates.TLIMIT_SET(amount);
        break;
+      case 'LPWORD_CHANGE':
+        message = templates.LPWORD_CHANGE;
+        break;
+      case 'TPWORD_CHANGE':
+        message = templates.TPWORD_CHANGE;
+        break;
      default:
        return res.status(400).json({ error: 'Invalid OTP type' });
    }
@@ -194,6 +200,7 @@ async function sendForSetPassword(req, res) {
      }
    );
    await setJson(`otp:${mobileNumber}`, otp, 300);
+    logger.info(`Sent OTP [${otp}] to ${mobileNumber}`);
    return res.status(200).json({ message: 'OTP_SENT' });
  } catch (err) {
    logger.error(err, 'Error sending OTP');
--- a/src/util/sms_template.js
+++ b/src/util/sms_template.js
@@ -59,6 +59,12 @@ const templates = {

  TLIMIT_SET: (amount) =>
    `Dear Customer,Your transaction limit for Internet Banking is set to Rs ${amount}. -KCCB`,
+
+  LPWORD_CHANGE:
+    `Dear Customer, Your Login password has been successfully updated. If you did not initiate this, please contact your nearest branch immediately. -KCCB`,
+
+  TPWORD_CHANGE: 
+    `Dear Customer, Your transaction password has been successfully updated. If you did not initiate this, please contact your nearest branch immediately. -KCCB`,
 };

 module.exports = templates;