ushahidi · Mh-Asmi · Mar 24, 2025
diff --git a/app/Providers/BusServiceProvider.php b/app/Providers/BusServiceProvider.php
@@ -675,6 +675,11 @@ private function registerQueries(): void
                 HXL\Handlers\FetchHXLMetadataByIdQueryHandler::class
             );
 
+            $queryBus->register(
+                Auth\Queries\CheckOldPasswordQuery::class,
+                Auth\Handlers\CheckOldPasswordQueryHandler::class
+            );
+
 
 
 

diff --git a/src/Ushahidi/Modules/V5/Actions/Auth/Handlers/CheckOldPasswordQueryHandler.php b/src/Ushahidi/Modules/V5/Actions/Auth/Handlers/CheckOldPasswordQueryHandler.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace Ushahidi\Modules\V5\Actions\Auth\Handlers;
+
+use App\Bus\Action;
+use App\Bus\Query\Query;
+use Ushahidi\Modules\V5\Repository\User\UserRepository;
+use Ushahidi\Modules\V5\Actions\Auth\Queries\CheckOldPasswordQuery;
+use Ushahidi\Modules\V5\Actions\V5QueryHandler;
+use Ushahidi\Core\Tool\Hasher\Password as PasswordHash;
+
+class CheckOldPasswordQueryHandler extends V5QueryHandler
+{
+    private $user_repository;
+
+    public function __construct(UserRepository $user_repository)
+    {
+        $this->user_repository = $user_repository;
+    }
+
+    protected function isSupported(Query $query): void
+    {
+        if (!$query instanceof CheckOldPasswordQuery) {
+            throw new \Exception('Provided $query is not instance of CheckOldPasswordQuery');
+        }
+    }
+
+    public function __invoke(Action $action)
+    {
+        /**
+         * @var UpdateContactCommand $action
+         */
+        $this->isSupported($action);
+        $user = $this->user_repository->findByEmail($action->getEmail());
+        if ($user) {
+            $password_to_check = (new PasswordHash())->hash($action->getPasswordToCheck());
+            if ($password_to_check === $user->password) {
+                return 1;
+            }
+            // password not correct
+            return 0;
+        } else {
+            // user not found
+            return 0;
+        }
+    }
+}
diff --git a/src/Ushahidi/Modules/V5/Actions/Auth/Queries/CheckOldPasswordQuery.php b/src/Ushahidi/Modules/V5/Actions/Auth/Queries/CheckOldPasswordQuery.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Ushahidi\Modules\V5\Actions\Auth\Queries;
+
+use App\Bus\Query\Query;
+use Illuminate\Http\Request;
+
+class CheckOldPasswordQuery implements Query
+{
+
+    private $email;
+    private $passwordToCheck;
+
+    public function __construct(string $email, string $password)
+    {
+        $this->email = $email;
+        $this->passwordToCheck = $password;
+    }
+
+    public static function fromRequest(Request $request): self
+    {
+        $query =  new self($request->get('email'), $request->get('password'));
+        return $query;
+    }
+    public function getEmail(): string
+    {
+        return $this->email;
+    }
+
+    public function getPasswordToCheck(): string
+    {
+        return $this->passwordToCheck;
+    }
+}
diff --git a/src/Ushahidi/Modules/V5/Http/Controllers/AuthController.php b/src/Ushahidi/Modules/V5/Http/Controllers/AuthController.php
@@ -6,9 +6,9 @@
 use Ushahidi\Modules\V5\Actions\Auth\Commands\RegisterCommand;
 use Ushahidi\Modules\V5\Actions\Auth\Commands\PasswordResetCommand;
 use Ushahidi\Modules\V5\Actions\Auth\Commands\PasswordResetConfirmCommand;
+use Ushahidi\Modules\V5\Actions\Auth\Queries\CheckOldPasswordQuery;
 use Ushahidi\Modules\V5\Requests\RegisterRequest;
 use Ushahidi\Modules\V5\Requests\ResetPasswordRequest;
-use Ushahidi\Modules\V5\Requests\PasswordresetConfirmRequest;
 use Ushahidi\Modules\V5\Http\Resources\User\UserResource;
 use Ushahidi\Modules\V5\Actions\User\Queries\FetchUserByIdQuery;
 use Ushahidi\Modules\V5\Models\User;
@@ -65,4 +65,21 @@ public function confirm(PasswordresetConfirmRequest $request)
 
         $command = PasswordResetConfirmCommand::fromRequest($request);
     } //end register()
+
+    /**
+     * check old password.
+     *
+     * @param Request $request
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function check(Request $request)
+    {
+        if ($this->queryBus->handle(CheckOldPasswordQuery::fromRequest($request))) {
+            return response()->json(['result' => ['confirm-reset-password' => true]]);
+        } else {
+            return response()->json(['result' => ['confirm-reset-password' => false]]);
+        }
+
+       // $command = PasswordCheckRequest::fromRequest($request);
+    }
 } //end class
diff --git a/src/Ushahidi/Modules/V5/routes/api.php b/src/Ushahidi/Modules/V5/routes/api.php
@@ -464,6 +464,8 @@ function () use ($router) {
     // Password reset
     $router->post('/passwordreset', 'AuthController@reset');
     $router->post('/passwordreset/confirm', 'AuthController@confirm');
+    $router->get('/passwordreset/check', 'AuthController@check');
+
 
     // Register
     $router->post('/register', 'AuthController@register');