fix: change tpin match with hashing and not directly

2025-11-08 20:28:21 +05:30
parent b9c9d35f74
commit f922179765


@@ -187,12 +187,12 @@ async function changeTpin(req, res) {
if (!user.tpin) if (!user.tpin)
return res.status(400).json({ error: 'USER_DOESNT_HAVE_A_TPIN' }); return res.status(400).json({ error: 'USER_DOESNT_HAVE_A_TPIN' });
const { oldTpin, newTpin } = req.body; const { oldTpin, newTpin } = req.body;
if (oldTpin !== user.tpin) const isMatch = await comparePassword(oldTpin, user.tpin);
return res.status(400).json({ error: 'TPIN_DOESNT_MATCH' }); if (!isMatch) return res.status(400).json({ error: 'TPIN_DOESNT_MATCH' });
if (!/^\d{6}$/.test(newTpin)) if (!/^\d{6}$/.test(newTpin))
return res.status(400).json({ error: 'INVALID_TPIN_FORMAT' }); return res.status(400).json({ error: 'INVALID_TPIN_FORMAT' });
authService.setTpin(customerNo, tpin); await authService.setTpin(customerNo, newTpin);
return res.json({ message: 'TPIN_SET' }); return res.json({ message: 'TPIN_SET' });
} catch (error) { } catch (error) {
logger.error(error); logger.error(error);
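Review bot: `oldTpin` goes from `req.body` straight into `comparePassword` with no type or format check, while `newTpin` is only validated after the compare. If `oldTpin` is missing or not a string, the compare helper will presumably throw, so the request lands in the `catch` instead of returning a clean 400. I would add `if (typeof oldTpin !== 'string' || !/^\d{6}$/.test(oldTpin)) return res.status(400).json({ error: 'TPIN_DOESNT_MATCH' });` ahead of the compare, and give the `newTpin` check the same `typeof` guard, because `RegExp.prototype.test` coerces arrays and objects to strings. Nothing in the visible lines limits failed attempts, and a six-digit value can be guessed online even when hashed, so it is worth confirming that a per-customer failure counter or lockout sits in front of this handler. `changeTpin` starts above the hunk and its `catch` block continues past the last visible line.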