From ccf22739d7fba24919130ff48bc8fca698de55a8 Mon Sep 17 00:00:00 2001
From: rakeshSgr
Date: Fri, 1 Apr 2022 17:29:46 +0530
Subject: [PATCH] reset api changes
---
 constants/api-responses.js | 3 ++-
 services/helper/account.js | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/constants/api-responses.js b/constants/api-responses.js
index 6f77f13aa..cba90959b 100644
--- a/constants/api-responses.js
+++ b/constants/api-responses.js
@@ -48,5 +48,6 @@ module.exports = {
 "USERS_FETCHED_SUCCESSFULLY": "Users fetched successfully.",
 "INVALID_SECRET_CODE": "Incorrect code. Please try again.",
 "USER_ROLE_UPDATED": "You have been logged out of your account due to change in platform role. Please login again.",
- "UNABLE_TO_SEND_OTP": "Unable to send otp, may be redis server is down."
+ "UNABLE_TO_SEND_OTP": "Unable to send otp, may be redis server is down.",
+ "RESET_PREVIOUS_PASSWORD": "Please enter a new password, that has not been used before"
 };
\ No newline at end of file
diff --git a/services/helper/account.js b/services/helper/account.js
index 6eb43491c..3f9efd666 100644
--- a/services/helper/account.js
+++ b/services/helper/account.js
@@ -381,7 +381,7 @@ module.exports = class AccountHelper {
 */
 static async resetPassword(bodyData) {
- const projection = { refreshTokens: 0, "designation.deleted": 0, "designation._id": 0, "areasOfExpertise.deleted": 0, "areasOfExpertise._id": 0, "location.deleted": 0, "location._id": 0, password: 0 };
+ const projection = { refreshTokens: 0, "designation.deleted": 0, "designation._id": 0, "areasOfExpertise.deleted": 0, "areasOfExpertise._id": 0, "location.deleted": 0, "location._id": 0 };
 try {
 let user = await usersData.findOne({ 'email.address': bodyData.email }, projection);
 if (!user) {
@@ -392,6 +392,10 @@ module.exports = class AccountHelper {
 if (!redisData || redisData.otp != bodyData.otp) {
 return common.failureResponse({ message: apiResponses.RESET_OTP_INVALID, statusCode: httpStatusCode.bad_request, responseCode: 'CLIENT_ERROR' });
 }
+ const isPasswordCorrect = bcryptJs.compareSync(bodyData.password, user.password);
+ if (isPasswordCorrect) {
+ return common.failureResponse({ message: apiResponses.RESET_PREVIOUS_PASSWORD, statusCode: httpStatusCode.bad_request, responseCode: 'CLIENT_ERROR' });
+ }
 const salt = bcryptJs.genSaltSync(10);
 bodyData.password = bcryptJs.hashSync(bodyData.password, salt);
@@ -405,6 +409,8 @@ module.exports = class AccountHelper {
 }
 };
+
+
 const accessToken = utilsHelper.generateToken(tokenDetail, process.env.ACCESS_TOKEN_SECRET, '1d');
 const refreshToken = utilsHelper.generateToken(tokenDetail, process.env.REFRESH_TOKEN_SECRET, '183d');
@@ -418,8 +424,10 @@ module.exports = class AccountHelper {
 await usersData.updateOneUser({ _id: user._id }, updateParams);
 /* Mongoose schema is in strict mode, so can not delete otpInfo directly */
+ delete user._doc.password;
 user = { ...user._doc };
 delete user.otpInfo;
+
 const result = { access_token: accessToken, refresh_token: refreshToken, user };
 return common.successResponse({ statusCode: httpStatusCode.ok, message: apiResponses.PASSWORD_RESET_SUCCESSFULLY, result });
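Review bot: `bcryptJs.compareSync(bodyData.password, user.password)` runs a cost-10 bcrypt on the event loop inside a method that is already `async` and already awaits, so every reset attempt now stalls the whole process for the duration of the hash; the promise form costs nothing here: `const isPasswordCorrect = await bcryptJs.compare(bodyData.password, user.password);` (the `hashSync` two lines below predates this commit but has the same problem). bcryptjs also throws when either argument is not a string, so if any user record can lack a `password` field — I cannot tell from here whether other login paths create such accounts — this check would turn their reset into a 500 through the enclosing try, which `const isPasswordCorrect = user.password ? await bcryptJs.compare(bodyData.password, user.password) : false;` avoids. Finally, the comparison only covers the current hash, while the paired RESET_PREVIOUS_PASSWORD message promises to reject any password "used before"; either reword the message to "must differ from your current password" or add `// NOTE: only the current password is checked; no password history is kept` so nobody relies on history enforcement that does not exist. The body of resetPassword starts and ends outside this hunk.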
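Review bot: `delete user._doc.password;` strips the hash by reaching into Mongoose's private `_doc` and mutating the document in place, which is both an internal-API dependency and, between that line and the reassignment on the next, leaves `user` as a half-stripped document; the hash is now loaded precisely because the projection no longer excludes it, so this one line is the only thing keeping it out of the API response. A copy that never touches internals and also covers the otpInfo case the existing comment describes is `const { password, otpInfo, ...safeUser } = user._doc; user = safeUser;` replacing the three lines from the added delete through `delete user.otpInfo;` (if findOne returns a Mongoose document, as that comment implies, `user.toObject()` is the supported source instead of `_doc`). It is worth a `// never return the password hash` comment either way, since the projection no longer documents that intent. The body of resetPassword starts outside this hunk.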