Hello-Kitchen · Xantass · Jun 30, 2025 · Jun 29, 2025 · Jun 29, 2025 · Jun 29, 2025
diff --git a/docs/swagger.json b/docs/swagger.json
@@ -1210,7 +1210,6 @@
           {
             "name": "password",
             "in": "query",
-            "description": "Hashed password",
             "required": true,
             "style": "form",
             "explode": true,
@@ -3765,8 +3764,9 @@
           },
           "password": {
             "type": "string",
-            "description": "User's password hashed",
-            "example": "$2a$10$uSADqxe22jNkrHd8mudiCOQpsWsvC2BW3jG.8.dmSLJxzsJJgpM5S"
+            "description": "User's password",
+            "example": "password123",
+            "writeOnly": true
           },
           "firstname": {
             "type": "string",

diff --git a/src/modules/login/login.service.ts b/src/modules/login/login.service.ts
@@ -2,6 +2,7 @@ import { Injectable, BadRequestException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { DB } from '../../db/db';
 import { User } from '../users/schemas/users.schema';
+import * as bcrypt from 'bcryptjs';
 
 @Injectable()
 /**
@@ -49,8 +50,13 @@ export class LoginService extends DB {
       throw new BadRequestException();
     }
 
+    const hashedPassword = bcrypt.hashSync(
+      password,
+      `${process.env.SALT_HASH}`,
+    );
+
     // Compare the hashed password with the stored password
-    if (password !== user.users[0].password) {
+    if (hashedPassword !== user.users[0].password) {
       // Throw an error if the password does not match
       throw new BadRequestException();
     }

diff --git a/src/modules/users/users.service.ts b/src/modules/users/users.service.ts
@@ -11,6 +11,7 @@ import { Counter } from '../../shared/interfaces/counter.interface';
 import { UsersDto } from './DTO/users.dto';
 import { UpdatePasswordDto } from './DTO/updatepassword.dto';
 import { UsersUpdateDto } from './DTO/usersupdate.dto';
+import * as bcrypt from 'bcryptjs';
 
 @Injectable()
 export class UsersService extends DB {
@@ -100,9 +101,14 @@ export class UsersService extends DB {
 
     body['id'] = counterDoc.sequence_value;
 
+    const newUser = {
+      ...body,
+      password: bcrypt.hashSync(body.password, `${process.env.SALT_HASH}`),
+    };
+
     return db
       .collection('restaurant')
-      .updateOne({ id: idRestaurant }, { $addToSet: { users: body } });
+      .updateOne({ id: idRestaurant }, { $addToSet: { users: newUser } });
   }
 
   /**
@@ -162,7 +168,16 @@ export class UsersService extends DB {
     id: number,
     updatePasswordDto: UpdatePasswordDto,
   ): Promise<UpdateResult> {
-    const { oldPassword, newPassword } = updatePasswordDto;
+    const { oldPassword, newPassword } = {
+      oldPassword: bcrypt.hashSync(
+        updatePasswordDto.oldPassword,
+        `${process.env.SALT_HASH}`,
+      ),
+      newPassword: bcrypt.hashSync(
+        updatePasswordDto.newPassword,
+        `${process.env.SALT_HASH}`,
+      ),
+    };
 
     const user = await this.findById(restaurantId, id);