From 78f4b1b4e7f3b787dc81b638c08880c6640259a0 Mon Sep 17 00:00:00 2001
From: Jules
Date: Sun, 29 Jun 2025 15:32:23 -0400
Subject: [PATCH 1/4] fix: use bcrypt for password hashing in user authentication

---
 src/modules/login/login.service.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/modules/login/login.service.ts b/src/modules/login/login.service.ts
index b2867fe..eb5e550 100644
--- a/src/modules/login/login.service.ts
+++ b/src/modules/login/login.service.ts
@@ -2,6 +2,7 @@ import { Injectable, BadRequestException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { DB } from '../../db/db';
 import { User } from '../users/schemas/users.schema';
+import * as bcrypt from 'bcryptjs';
 @Injectable()
 /**
@@ -49,8 +50,13 @@ export class LoginService extends DB {
 throw new BadRequestException();
 }
+ const hashedPassword = bcrypt.hashSync(
+ password,
+ `${process.env.SALT_HASH}`,
+ );
+
 // Compare the hashed password with the stored password
- if (password !== user.users[0].password) {
+ if (hashedPassword !== user.users[0].password) {
 // Throw an error if the password does not match
 throw new BadRequestException();
 }
From bd7966ca86fff07537df9c4efdc5800ac2cbf9f2 Mon Sep 17 00:00:00 2001
From: Jules
Date: Sun, 29 Jun 2025 15:34:01 -0400
Subject: [PATCH 2/4] docs: update password description in Swagger documentation

---
 docs/swagger.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/swagger.json b/docs/swagger.json
index 0a4b917..6f423c8 100644
--- a/docs/swagger.json
+++ b/docs/swagger.json
@@ -1210,7 +1210,6 @@
 {
 "name": "password",
 "in": "query",
- "description": "Hashed password",
 "required": true,
 "style": "form",
 "explode": true,
@@ -3765,7 +3764,7 @@
 },
 "password": {
 "type": "string",
- "description": "User's password hashed",
+ "description": "User's password",
 "example": "$2a$10$uSADqxe22jNkrHd8mudiCOQpsWsvC2BW3jG.8.dmSLJxzsJJgpM5S"
 },
 "firstname": {
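Review bot: The added `import * as bcrypt from 'bcryptjs';` is the only trace of the new dependency in this series; none of the four patches touches package.json, so the build resolves it only if bcryptjs (and its type declarations, for the TypeScript compile) was already declared. If it was not, the package.json and lockfile change belongs in this commit rather than being left to the deploy environment. The same import is added to users.service.ts in PATCH 4.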
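Review bot: The new check at `if (hashedPassword !== user.users[0].password)` recomputes a bcrypt hash with one site-wide salt read from `SALT_HASH` instead of letting bcrypt read the per-user salt embedded in the stored hash, so every account shares a single salt (the cross-user precomputation resistance bcrypt exists for is lost) and the login only succeeds if every stored hash was produced with exactly that salt string. If `SALT_HASH` is unset, the template literal produces the string `undefined`, which bcryptjs rejects as an invalid salt, so the request throws rather than failing the credential check cleanly. Drop the `hashSync` block and use `if (!bcrypt.compareSync(password, user.users[0].password)) {`, which parses the salt from the stored value and performs the comparison itself in constant time; on the write side (the addUser hunk and the updatePassword hunk in users.service.ts, PATCH 4) hash with a generated salt instead, e.g. `bcrypt.hashSync(body.password, 10)`. The enclosing method starts and ends outside the hunk.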
From a0f32c51e98310fa6a3593bdfc28a98f7b13827f Mon Sep 17 00:00:00 2001
From: Jules
Date: Sun, 29 Jun 2025 15:35:48 -0400
Subject: [PATCH 3/4] lint:

---
 src/modules/login/login.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/modules/login/login.service.ts b/src/modules/login/login.service.ts
index eb5e550..d60fe03 100644
--- a/src/modules/login/login.service.ts
+++ b/src/modules/login/login.service.ts
@@ -54,7 +54,7 @@ export class LoginService extends DB {
 password,
 `${process.env.SALT_HASH}`,
 );
-
+
 // Compare the hashed password with the stored password
 if (hashedPassword !== user.users[0].password) {
 // Throw an error if the password does not match
From f6d04f9d5c72ee3274dbfba79047f0a6283565a4 Mon Sep 17 00:00:00 2001
From: Jules
Date: Sun, 29 Jun 2025 15:57:38 -0400
Subject: [PATCH 4/4] feat: implement bcrypt for password hashing in user registration and update

---
 docs/swagger.json | 3 ++-
 src/modules/users/users.service.ts | 19 +++++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/docs/swagger.json b/docs/swagger.json
index 6f423c8..a080378 100644
--- a/docs/swagger.json
+++ b/docs/swagger.json
@@ -3765,7 +3765,8 @@
 "password": {
 "type": "string",
 "description": "User's password",
- "example": "$2a$10$uSADqxe22jNkrHd8mudiCOQpsWsvC2BW3jG.8.dmSLJxzsJJgpM5S"
+ "example": "password123",
+ "writeOnly": true
 },
 "firstname": {
 "type": "string",
diff --git a/src/modules/users/users.service.ts b/src/modules/users/users.service.ts
index c73da4f..aaed76d 100644
--- a/src/modules/users/users.service.ts
+++ b/src/modules/users/users.service.ts
@@ -11,6 +11,7 @@ import { Counter } from '../../shared/interfaces/counter.interface';
 import { UsersDto } from './DTO/users.dto';
 import { UpdatePasswordDto } from './DTO/updatepassword.dto';
 import { UsersUpdateDto } from './DTO/usersupdate.dto';
+import * as bcrypt from 'bcryptjs';
 @Injectable()
 export class UsersService extends DB {
@@ -100,9 +101,14 @@ export class UsersService extends DB {
 body['id'] = counterDoc.sequence_value;
+ const newUser = {
+ ...body,
+ password: bcrypt.hashSync(body.password, `${process.env.SALT_HASH}`),
+ };
+
 return db
 .collection('restaurant')
- .updateOne({ id: idRestaurant }, { $addToSet: { users: body } });
+ .updateOne({ id: idRestaurant }, { $addToSet: { users: newUser } });
 }
 /**
@@ -162,7 +168,16 @@ export class UsersService extends DB {
 id: number,
 updatePasswordDto: UpdatePasswordDto,
 ): Promise {
- const { oldPassword, newPassword } = updatePasswordDto;
+ const { oldPassword, newPassword } = {
+ oldPassword: bcrypt.hashSync(
+ updatePasswordDto.oldPassword,
+ `${process.env.SALT_HASH}`,
+ ),
+ newPassword: bcrypt.hashSync(
+ updatePasswordDto.newPassword,
+ `${process.env.SALT_HASH}`,
+ ),
+ };
 const user = await this.findById(restaurantId, id);