From a662b19db334d34ec2d3ff70b00f80cdbbfd3cae Mon Sep 17 00:00:00 2001
From: Geison Goulart Piegas <59943483+GeisonPiegas@users.noreply.github.com>
Date: Thu, 10 Oct 2024 23:12:19 -0300
Subject: [PATCH] fix(core): forgot password on the first access of migrated users (#6642)
Update packages/core/src/routes/interaction/verifications/profile-verification.ts
Co-authored-by: wangsijie
fixing code duplication
fixing eslint
fix(core): changing the mock response
---
 .../profile-verification.forgot-password.test.ts | 8 ++++++--
 .../interaction/verifications/profile-verification.ts | 9 +++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts b/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts
index 702debd27..104e02f25 100644
--- a/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts
+++ b/packages/core/src/routes/interaction/verifications/profile-verification.forgot-password.test.ts
@@ -1,4 +1,4 @@
-import { InteractionEvent } from '@logto/schemas';
+import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
 import { createMockUtils, pickDefault } from '@logto/shared/esm';
 import RequestError from '#src/errors/RequestError/index.js';
@@ -9,7 +9,11 @@ import type { Identifier } from '../types/index.js';
 const { jest } = import.meta;
 const { mockEsm } = createMockUtils(jest);
-const findUserById = jest.fn().mockResolvedValue({ id: 'foo', passwordEncrypted: 'passwordHash' });
+const findUserById = jest.fn().mockResolvedValue({
+ id: 'foo',
+ passwordEncrypted: 'passwordHash',
+ passwordEncryptionMethod: UsersPasswordEncryptionMethod.Argon2i,
+});
 const tenantContext = new MockTenant(undefined, { users: { findUserById } });
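Review bot: Only the Argon2i path is covered by the fixture added here, so the branch this commit introduces in profile-verification.ts (`passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i ||`) — the migrated-user path named in the commit title — is never exercised by this test file. A second `findUserById` resolution with a non-Argon2i method (`passwordEncryptionMethod: UsersPasswordEncryptionMethod.<legacy method — placeholder>`) should assert that `verifyProfile` does not reject with `user.same_password` and, if `argon2Verify` is mocked in this file, that it is not called at all, since presumably the pre-fix failure was argon2Verify being handed a hash in a format it cannot parse. Pinning that case also documents the trade-off the fix accepts: for users still on a legacy hash, re-using the current password during forgot-password is no longer rejected, and a test makes clear that this is intentional rather than a regression to be "fixed" later. The hunk's trailing context after the `tenantContext` line is not visible in this rendering.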
diff --git a/packages/core/src/routes/interaction/verifications/profile-verification.ts b/packages/core/src/routes/interaction/verifications/profile-verification.ts
index 066b40ce0..217fe1652 100644
--- a/packages/core/src/routes/interaction/verifications/profile-verification.ts
+++ b/packages/core/src/routes/interaction/verifications/profile-verification.ts
@@ -1,5 +1,5 @@
 import type { Profile, User } from '@logto/schemas';
-import { InteractionEvent } from '@logto/schemas';
+import { InteractionEvent, UsersPasswordEncryptionMethod } from '@logto/schemas';
 import { argon2Verify } from 'hash-wasm';
 import RequestError from '#src/errors/RequestError/index.js';
@@ -192,10 +192,15 @@ export default async function verifyProfile(
 const passwordProfile = passwordProfileResult.data;
- const { passwordEncrypted: oldPasswordEncrypted } = await findUserById(accountId);
+ const { passwordEncrypted: oldPasswordEncrypted, passwordEncryptionMethod } = await findUserById(
+ accountId
+ );
+ // Only compare password if the encryption method (algorithm) is Argon2i
+ // if the user is migrated, this check will be skipped
 assertThat(
 !oldPasswordEncrypted ||
+ passwordEncryptionMethod !== UsersPasswordEncryptionMethod.Argon2i ||
 !(await argon2Verify({ password: passwordProfile.password, hash: oldPasswordEncrypted })),
 new RequestError({ code: 'user.same_password', status: 422 })
 );