diff --git a/packages/password/src/accounts-password.ts b/packages/password/src/accounts-password.ts index 4de906b96..40d208b1b 100644 --- a/packages/password/src/accounts-password.ts +++ b/packages/password/src/accounts-password.ts @@ -127,7 +127,7 @@ export interface AccountsPasswordOptions { * Function that check if the password is valid. * This function will be called when you call `createUser` and `changePassword`. */ - validatePassword?: (password?: string) => boolean; + validatePassword?: (password?: string, user?: T) => Promise; /** * Function that check if the username is a valid username. * This function will be called when you call `createUser`. @@ -164,7 +164,7 @@ const defaultOptions = { validateEmail(email?: string): boolean { return isString(email) && isEmail(email); }, - validatePassword(password?: string): boolean { + async validatePassword(password?: string): Promise { return isString(password) && password !== ''; }, validateUsername(username?: string): boolean { @@ -365,12 +365,6 @@ export default class AccountsPassword if (!token || !isString(token)) { throw new AccountsJsError(this.options.errors.invalidToken, ResetPasswordErrors.InvalidToken); } - if (!this.options.validatePassword(newPassword)) { - throw new AccountsJsError( - this.options.errors.invalidNewPassword, - ResetPasswordErrors.InvalidNewPassword - ); - } const user = await this.db.findUserByResetPasswordToken(token); if (!user) { @@ -380,6 +374,13 @@ export default class AccountsPassword ); } + if (!(await this.options.validatePassword(newPassword, user))) { + throw new AccountsJsError( + this.options.errors.invalidNewPassword, + ResetPasswordErrors.InvalidNewPassword + ); + } + const resetTokens = getUserResetTokens(user); const resetTokenRecord = resetTokens.find((t) => t.token === token); @@ -471,15 +472,15 @@ export default class AccountsPassword oldPassword: string, newPassword: string ): Promise { - if (!this.options.validatePassword(newPassword)) { + const user = await this.passwordAuthenticator({ id: userId }, oldPassword); + + if (!(await this.options.validatePassword(newPassword, user))) { throw new AccountsJsError( this.options.errors.invalidPassword, ChangePasswordErrors.InvalidPassword ); } - const user = await this.passwordAuthenticator({ id: userId }, oldPassword); - const password = await this.options.hashPassword(newPassword); await this.db.setPassword(userId, password); @@ -676,7 +677,7 @@ export default class AccountsPassword } if (user.password) { - if (!this.options.validatePassword(user.password)) { + if (!(await this.options.validatePassword(user.password))) { throw new AccountsJsError( this.options.errors.invalidPassword, CreateUserErrors.InvalidPassword