fix(profile): allow empty current password when setting password for first time

SSO users have no passwordHash and should be able to set a local password
without providing a current one. Users with an existing password still
must verify it. Removes the client-side required attribute and updates
the server-side logic accordingly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Hardik 2026-05-29 00:14:46 +05:30
parent a16f418e71
commit bff9696b7b
2 changed files with 6 additions and 5 deletions


@ -12,7 +12,7 @@ type Result = { ok: true } | { error: string };
// ── Change password ───────────────────────────────────────────────────────────
const changePasswordSchema = z.object({
currentPassword: z.string().min(1, "Current password is required"),
currentPassword: z.string().optional(),
newPassword: z.string().min(8, "New password must be at least 8 characters"),
});
@ -31,10 +31,12 @@ export async function changePassword(formData: FormData): Promise<Result> {
select: { passwordHash: true },
});
if (!user) return { error: "User not found" };
if (!user.passwordHash) return { error: "Password change is not available for accounts that sign in via Microsoft 365." };
const valid = await bcrypt.compare(parsed.data.currentPassword, user.passwordHash);
if (!valid) return { error: "Current password is incorrect" };
if (user.passwordHash) {
if (!parsed.data.currentPassword) return { error: "Current password is required." };
const valid = await bcrypt.compare(parsed.data.currentPassword, user.passwordHash);
if (!valid) return { error: "Current password is incorrect." };
}
const newHash = await bcrypt.hash(parsed.data.newPassword, 12);
await db.user.update({
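Review bot: The new `if (user.passwordHash)` branch lets an account with no local password acquire one on the strength of a valid session alone, so a hijacked session (or a script running in the user's browser) would be enough to attach a persistent password login that sidesteps the identity provider's controls. Consider gating the first-time set on a recent re-authentication or an out-of-band confirmation, and recording an audit event / notifying the user when a password is first created for an account that previously had none; neither appears in this hunk, and changePassword continues past it, so this may be handled elsewhere. The branch would also read better with a short comment above it, e.g. `// Existing local password: require and verify it. SSO-only account (no hash): first-time set, nothing to verify.`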


@ -43,7 +43,6 @@ export function ChangePasswordForm() {
<input
type="password"
name="currentPassword"
required
autoComplete="current-password"
className="w-full rounded-lg border border-neutral-300 px-3 py-2.5 text-sm focus:border-primary-500 focus:outline-none focus:ring-2 focus:ring-primary-500/20"
/>