fix verify password response#125
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request modifies the password verification logic to throw an exception when the password is incorrect, rather than returning a boolean value. However, this creates an inconsistency between the service layer (which now throws exceptions) and the controller layer (which still expects and handles boolean return values).
Key Changes:
- Modified
verifyCurrentPasswordmethod to throwBadRequestExceptionfor incorrect passwords instead of returningfalse - Updated controller response message from conditional to hardcoded "Correct Password"
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/auth/services/password/password.service.ts | Changed verifyCurrentPassword to throw exception on password mismatch instead of returning false |
| src/auth/auth.controller.ts | Updated response message to hardcoded string, but retained isValid field that will always be true |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (isMatched) { | ||
| return true; | ||
| } | ||
| throw new BadRequestException('incorrect password'); |
There was a problem hiding this comment.
The error message should be capitalized to match the pattern used in other error messages in the codebase. For example, line 174 uses "Old password is incorrect" with proper capitalization.
| throw new BadRequestException('incorrect password'); | |
| throw new BadRequestException('Incorrect password'); |
| if (isMatched) { | ||
| return true; | ||
| } | ||
| throw new BadRequestException('incorrect password'); |
There was a problem hiding this comment.
The API design has a fundamental issue. The service method now throws a BadRequestException when the password is incorrect (line 195), which means it will never return false. However, the controller code still expects a boolean return value and includes isValid in the response data (line 773). This creates an inconsistent API where:
- If the password is correct, it returns
{ status: 'success', data: { isValid: true }, message: 'Correct Password' } - If the password is incorrect, it throws an exception instead of returning
{ data: { isValid: false } }
This breaks the original API contract where the endpoint would return both success and failure states without throwing exceptions. Either:
- Remove the exception and return
falsewhen the password is incorrect (reverting to the original behavior), OR - Remove the
isValidfield from the response data since it will always betrueif the endpoint doesn't throw an exception
| throw new BadRequestException('incorrect password'); | |
| return false; |
| isValid, | ||
| }, | ||
| message: isValid ? 'Password is correct' : 'Password is incorrect', | ||
| message: 'Correct Password', |
There was a problem hiding this comment.
The hardcoded message 'Correct Password' is inconsistent with the new error handling in the service. Since verifyCurrentPassword now throws a BadRequestException for incorrect passwords (line 195 in password.service.ts), the conditional message is no longer needed. However, the isValid field in the response data (line 773) will always be true when this line is reached, making it redundant. Consider updating the API documentation to reflect that this endpoint now throws a 400 error for incorrect passwords instead of returning isValid: false.
No description provided.