From 0238e223939bd05d23835113f4b932248d190132 Mon Sep 17 00:00:00 2001
From: alex <alex@roese.dev>
Date: Sun, 28 Jan 2024 21:04:34 +0100
Subject: [PATCH] password on first login

---
 src/controllers/userController.ts | 37 ++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/src/controllers/userController.ts b/src/controllers/userController.ts
index 183c99f..479e901 100644
--- a/src/controllers/userController.ts
+++ b/src/controllers/userController.ts
@@ -167,12 +167,23 @@ export async function Login(req: Request, res: Response) {
       return res.status(400).send({ err: "invalid request" });
     }
 
-    // compare password
+    let updateData = {};
 
-    const match = await matchPassword(decodedPassword, user.password);
+    // if user state is INIT_LOGIN, then user is logging in for the first time and needs to set their password
+    if (user.state === ACCOUNT_STATE.INIT_LOGIN) {
+      // hash password
 
-    if (!match) {
-      return res.status(400).send({ err: "invalid request" });
+      updateData = {
+        password: await hashPassword(decodedPassword),
+      };
+    } else {
+      // compare password
+
+      const match = await matchPassword(decodedPassword, user.password);
+
+      if (!match) {
+        return res.status(400).send({ err: "invalid request" });
+      }
     }
 
     // check user state
@@ -183,16 +194,16 @@ export async function Login(req: Request, res: Response) {
     ) {
       // update user state back to active
 
-      User.update(
-        {
-          state: ACCOUNT_STATE.ACTIVE,
+      updateData = {
+        ...updateData,
+        state: ACCOUNT_STATE.ACTIVE,
+      };
+
+      User.update(updateData, {
+        where: {
+          user_id: user.user_id,
         },
-        {
-          where: {
-            user_id: user.user_id,
-          },
-        }
-      );
+      });
     }
 
     // create session