-
Notifications
You must be signed in to change notification settings - Fork 3
fix verify password response #125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -188,6 +188,10 @@ export class PasswordService { | |||||||||
| throw new NotFoundException('User not found'); | ||||||||||
| } | ||||||||||
|
|
||||||||||
| return await this.verify(user.password, password); | ||||||||||
| const isMatched: boolean = await this.verify(user.password, password); | ||||||||||
| if (isMatched) { | ||||||||||
| return true; | ||||||||||
| } | ||||||||||
| throw new BadRequestException('incorrect password'); | ||||||||||
|
||||||||||
| throw new BadRequestException('incorrect password'); | |
| throw new BadRequestException('Incorrect password'); |
Copilot
AI
Dec 4, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The API design has a fundamental issue. The service method now throws a BadRequestException when the password is incorrect (line 195), which means it will never return false. However, the controller code still expects a boolean return value and includes isValid in the response data (line 773). This creates an inconsistent API where:
- If the password is correct, it returns
{ status: 'success', data: { isValid: true }, message: 'Correct Password' } - If the password is incorrect, it throws an exception instead of returning
{ data: { isValid: false } }
This breaks the original API contract where the endpoint would return both success and failure states without throwing exceptions. Either:
- Remove the exception and return
falsewhen the password is incorrect (reverting to the original behavior), OR - Remove the
isValidfield from the response data since it will always betrueif the endpoint doesn't throw an exception
| throw new BadRequestException('incorrect password'); | |
| return false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The hardcoded message 'Correct Password' is inconsistent with the new error handling in the service. Since
verifyCurrentPasswordnow throws aBadRequestExceptionfor incorrect passwords (line 195 in password.service.ts), the conditional message is no longer needed. However, theisValidfield in the response data (line 773) will always betruewhen this line is reached, making it redundant. Consider updating the API documentation to reflect that this endpoint now throws a 400 error for incorrect passwords instead of returningisValid: false.