refactor(core): Introduce password utility (no-changelog) (#7979)

## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. Continue breaking down `UserManagementHelper.ts` ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or **Linear ticket**: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e).
2025-12-16 09:36:44 +00:00 · 2023-12-11 18:23:42 +01:00
parent 240d259260
commit c378f60a25
18 changed files with 206 additions and 98 deletions
--- a/packages/cli/src/controllers/me.controller.ts
+++ b/packages/cli/src/controllers/me.controller.ts
@@ -4,7 +4,7 @@ import { Response } from 'express';
 import { Service } from 'typedi';
 import { randomBytes } from 'crypto';
 import { Authorized, Delete, Get, Patch, Post, RestController } from '@/decorators';
-import { compareHash, hashPassword, validatePassword } from '@/UserManagement/UserManagementHelper';
+import { PasswordUtility } from '@/services/password.utility';
 import { validateEntity } from '@/GenericHelpers';
 import { issueCookie } from '@/auth/jwt';
 import type { User } from '@db/entities/User';
@@ -31,6 +31,7 @@ export class MeController {
 		private readonly externalHooks: ExternalHooks,
 		private readonly internalHooks: InternalHooks,
 		private readonly userService: UserService,
+		private readonly passwordUtility: PasswordUtility,
 	) {}

 	/**
@@ -119,14 +120,17 @@ export class MeController {
 			throw new BadRequestError('Requesting user not set up.');
 		}

-		const isCurrentPwCorrect = await compareHash(currentPassword, req.user.password);
+		const isCurrentPwCorrect = await this.passwordUtility.compare(
+			currentPassword,
+			req.user.password,
+		);
 		if (!isCurrentPwCorrect) {
 			throw new BadRequestError('Provided current password is incorrect.');
 		}

-		const validPassword = validatePassword(newPassword);
+		const validPassword = this.passwordUtility.validate(newPassword);

-		req.user.password = await hashPassword(validPassword);
+		req.user.password = await this.passwordUtility.hash(validPassword);

 		const user = await this.userService.save(req.user);
 		this.logger.info('Password updated successfully', { userId: user.id });