
Commit 98ee666

Harden partner login password checks
1 parent a3c2c00 commit 98ee666

1 file changed

Lines changed: 21 additions & 1 deletion


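--- a/backend/routes/deliveryPartnerRoutes.js
+++ b/backend/routes/deliveryPartnerRoutes.js
@@ -315,7 +315,27 @@ deliveryPartnerRouter.post(
 });
 }
 
-const isPasswordValid = await bcrypt.compare(password, deliveryPartner.passwordHash);
+const storedPasswordHash = typeof deliveryPartner.passwordHash === 'string'
+? deliveryPartner.passwordHash
+: '';
+
+if (!storedPasswordHash) {
+return response.status(401).json({
+success: false,
+message: 'Password is not set for this account. Please use Forgot Password to reset it.',
+});
+}
+
+let isPasswordValid = false;
+try {
+isPasswordValid = await bcrypt.compare(password, storedPasswordHash);
+} catch {
+return response.status(401).json({
+success: false,
+message: 'Password record is invalid for this account. Please use Forgot Password to reset it.',
+});
+}
+
 if (!isPasswordValid) {
 return response.status(401).json({
 success: false,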
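Review bot: The two new 401 responses (new lines 322-327 and 332-337) tell an unauthenticated caller that the account exists and that its password is unset or unreadable, which is more than a failed login needs to reveal and lets the endpoint be used to tell accounts apart. I would have both cases leave `isPasswordValid` as `false` and fall through to the existing `if (!isPasswordValid)` branch so the client sees a single response, e.g. `if (storedPasswordHash) { try { isPasswordValid = await bcrypt.compare(password, storedPasswordHash); } catch (error) { /* log server-side */ } }`, with the actual reason written to the server log rather than the response body. The bare `catch {}` also discards the error, and depending on the bcrypt library it may fire for a missing or non-string `password` rather than a bad hash, in which case the "Password record is invalid" message would be misleading; whether `password` is validated earlier is not visible here. The route handler starts and ends outside this hunk.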
