password on first login

src/controllers/userController.ts

@@ -167,12 +167,23 @@ export async function Login(req: Request, res: Response) {
       return res.status(400).send({ err: "invalid request" });
     }
 
-    // compare password
+    let updateData = {};
 
-    const match = await matchPassword(decodedPassword, user.password);
+    // if user state is INIT_LOGIN, then user is logging in for the first time and needs to set their password
+    if (user.state === ACCOUNT_STATE.INIT_LOGIN) {
+      // hash password
 
-    if (!match) {
+      updateData = {
-      return res.status(400).send({ err: "invalid request" });
+        password: await hashPassword(decodedPassword),
+      };
+    } else {
+      // compare password
+
+      const match = await matchPassword(decodedPassword, user.password);
+
+      if (!match) {
+        return res.status(400).send({ err: "invalid request" });
+      }
     }
 
     // check user state
@@ -183,16 +194,16 @@ export async function Login(req: Request, res: Response) {
     ) {
       // update user state back to active
 
-      User.update(
+      updateData = {
-        {
+        ...updateData,
-          state: ACCOUNT_STATE.ACTIVE,
+        state: ACCOUNT_STATE.ACTIVE,
+      };
+
+      User.update(updateData, {
+        where: {
+          user_id: user.user_id,
         },
-        {
+      });
-          where: {
-            user_id: user.user_id,
-          },
-        }
-      );
     }
 
     // create session