allow changing the password when using social logins

ZerNico · May 31, 2023 · d385b9f · d385b9f
1 parent 51e6831
commit d385b9f
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 3 deletions.
diff --git a/apps/api/prisma/migrations/20230531151133_username_not_unique/migration.sql b/apps/api/prisma/migrations/20230531151133_username_not_unique/migration.sql
@@ -0,0 +1,2 @@
+-- DropIndex
+DROP INDEX "User_username_key";
diff --git a/apps/api/prisma/schema.prisma b/apps/api/prisma/schema.prisma
@@ -13,7 +13,7 @@ datasource db {
 
 model User {
   id            String      @id @unique
-  username      String      @unique
+  username      String
   picture       String?
   email         String?
   emailVerified Boolean?

diff --git a/apps/api/src/logto/management-api.ts b/apps/api/src/logto/management-api.ts
@@ -47,6 +47,9 @@ export class ManagementApiClient {
   }
 
   public async verifyPassword(userId: string, password: string) {
+    if (password.length === 0)
+      throw new LogtoError({ code: 'session.invalid_credentials', message: 'Invalid credentials.' })
+
     const response = await ofetch<LogtoUser>(joinURL(env.LOGTO_URL, 'api', 'users', userId, 'password', 'verify'), {
       method: 'POST',
       headers: {
@@ -75,4 +78,20 @@ export class ManagementApiClient {
     })
     return response
   }
+
+  public async hasPassword(userId: string) {
+    const response = await ofetch<{ hasPassword: boolean }>(
+      joinURL(env.LOGTO_URL, 'api', 'users', userId, 'has-password'),
+      {
+        method: 'GET',
+        headers: {
+          Authorization: `Bearer ${await this.getToken()}`,
+        },
+      }
+    ).catch((err) => {
+      throw new LogtoError(err.data)
+    })
+
+    return response
+  }
 }
diff --git a/apps/api/src/trpc/routes/user/index.ts b/apps/api/src/trpc/routes/user/index.ts
@@ -100,7 +100,17 @@ export const userRouter = router({
     )
     .mutation(async ({ ctx, input }) => {
       try {
-        await ctx.mm.verifyPassword(ctx.user.id, input.currentPassword)
+        const [hasPassword, verifyPassword] = await Promise.allSettled([
+          ctx.mm.hasPassword(ctx.user.id),
+          ctx.mm.verifyPassword(ctx.user.id, input.currentPassword),
+        ])
+
+        if (hasPassword.status === 'rejected') {
+          throw hasPassword.reason
+        } else if (verifyPassword.status === 'rejected' && hasPassword.value.hasPassword) {
+          throw verifyPassword.reason
+        }
+
         await ctx.mm.updatePassword(ctx.user.id, input.newPassword)
       } catch (err) {
         if (err instanceof LogtoError && err.code === 'session.invalid_credentials') {

diff --git a/apps/web/pages/user/edit-profile/password.vue b/apps/web/pages/user/edit-profile/password.vue
@@ -7,7 +7,7 @@ definePageMeta({
   layout: 'auth',
 })
 
-const { claims, fetchContext, signIn } = useLogto()
+const { claims, signIn } = useLogto()
 const { client } = useTRPC()
 const { t } = useI18n()
 const { notify } = useNotification()