update user.password to be optional per mongoose schema

clairep94 · clairep94 · commit 6332a45137ab · 2025-10-09T18:29:47.000+01:00
diff --git a/server/controllers/user.controller/authManagement.ts b/server/controllers/user.controller/authManagement.ts
@@ -129,25 +129,16 @@ export const updateSettings: RequestHandler<
         res.status(401).json({ error: 'Current password is not provided.' });
         return;
       }
-
+    }
+    if (req.body.currentPassword) {
       const isMatch = await user.comparePassword(req.body.currentPassword);
       if (!isMatch) {
         res.status(401).json({ error: 'Current password is invalid.' });
         return;
       }
-      user.password = req.body.newPassword;
+      user.password = req.body.newPassword!;
       await saveUser(res, user);
-    }
-    // if (req.body.currentPassword) {
-    //   const isMatch = await user.comparePassword(req.body.currentPassword);
-    //   if (!isMatch) {
-    //     res.status(401).json({ error: 'Current password is invalid.' });
-    //     return;
-    //   }
-    //   user.password = req.body.newPassword!;
-    //   await saveUser(res, user);
-    // }
-    else if (user.email !== req.body.email) {
+    } else if (user.email !== req.body.email) {
       const EMAIL_VERIFY_TOKEN_EXPIRY_TIME = Date.now() + 3600000 * 24; // 24 hours
       user.verified = User.EmailConfirmation().Sent;
 
diff --git a/server/models/__test__/user.test.ts b/server/models/__test__/user.test.ts
@@ -35,7 +35,7 @@ describe('User model', () => {
     await user.save();
 
     expect(user.password).not.toBe('mypassword');
-    const match = await bcrypt.compare('mypassword', user.password);
+    const match = await bcrypt.compare('mypassword', user.password!);
     expect(match).toBe(true);
   });
 
diff --git a/server/types/user.ts b/server/types/user.ts
@@ -9,7 +9,7 @@ import { Error, GenericResponseBody, RouteParam } from './express';
 export interface IUser extends VirtualId, MongooseTimestamps {
   name: string;
   username: string;
-  password: string;
+  password?: string;
   resetPasswordToken?: string;
   resetPasswordExpires?: number;
   verified?: string;
@@ -93,6 +93,13 @@ export type PublicUserOrErrorOrGeneric =
   | PublicUserOrError
   | GenericResponseBody;
 
+export interface UpdateSettingsRequestBody {
+  username: string;
+  email: string;
+  newPassword?: string;
+  currentPassword?: string;
+}
+
 /**
  * Response body used for unlinkGithub and unlinkGoogle
  *   - If user is not logged in, a GenericResponseBody with 404 is returned
