From 55d319b527c61658a73ddf8848bfabb889aab704 Mon Sep 17 00:00:00 2001
From: Timothy Carambat <rambat1010@gmail.com>
Date: Mon, 27 Nov 2023 12:47:07 -0600
Subject: [PATCH] Rehash password for admin-user pwd updates (#398)

resolved #397
---
 server/models/user.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/server/models/user.js b/server/models/user.js
index c6d6771b66..782a288876 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -21,6 +21,14 @@ const User = {
 
   update: async function (userId, updates = {}) {
     try {
+      // Rehash new password if it exists as update
+      // will be given to us as plaintext.
+      if (updates.hasOwnProperty("password") && updates.password.length >= 8) {
+        updates.password = bcrypt.hashSync(updates.password, 10);
+      } else {
+        delete updates.password;
+      }
+
       await prisma.users.update({
         where: { id: parseInt(userId) },
         data: updates,