fix(core): Password change checks pw validity (#1745)

packages/core/src/api/resolvers/base/base-auth.resolver.ts

@@ -1,4 +1,7 @@
-import { AuthenticationResult as ShopAuthenticationResult } from '@vendure/common/lib/generated-shop-types';
+import {
+    AuthenticationResult as ShopAuthenticationResult,
+    PasswordValidationError,
+} from '@vendure/common/lib/generated-shop-types';
 import {
     AuthenticationResult as AdminAuthenticationResult,
     CurrentUser,
@@ -138,7 +141,7 @@ export class BaseAuthResolver {
         ctx: RequestContext,
         currentPassword: string,
         newPassword: string,
-    ): Promise<boolean | InvalidCredentialsError> {
+    ): Promise<boolean | InvalidCredentialsError | PasswordValidationError> {
         const { activeUserId } = ctx;
         if (!activeUserId) {
             throw new ForbiddenError();

packages/core/src/service/services/user.service.ts

@@ -367,7 +367,7 @@ export class UserService {
         userId: ID,
         currentPassword: string,
         newPassword: string,
-    ): Promise<boolean | InvalidCredentialsError> {
+    ): Promise<boolean | InvalidCredentialsError | PasswordValidationError> {
         const user = await this.connection
             .getRepository(ctx, User)
             .createQueryBuilder('user')
@@ -378,6 +378,11 @@ export class UserService {
         if (!user) {
             throw new EntityNotFoundError('User', userId);
         }
+        const password = newPassword;
+        const passwordValidationResult = await this.validatePassword(ctx, password);
+        if (passwordValidationResult !== true) {
+            return passwordValidationResult;
+        }
         const nativeAuthMethod = user.getNativeAuthenticationMethod();
         const matches = await this.passwordCipher.check(currentPassword, nativeAuthMethod.passwordHash);
         if (!matches) {