From 8e6350cd22921484f11c8d268742da0bc7b62681 Mon Sep 17 00:00:00 2001
From: raclim <raclim@nyu.edu>
Date: Tue, 23 Apr 2024 14:29:50 -0400
Subject: [PATCH] check if pw exists before calling brcypt, add error msging

---
 server/models/user.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/server/models/user.js b/server/models/user.js
index ab83e507a8..e7b85a8af7 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -162,7 +162,16 @@ userSchema.set('toJSON', {
 userSchema.methods.comparePassword = async function comparePassword(
   candidatePassword
 ) {
-  return bcrypt.compare(candidatePassword, this.password);
+  if (!this.password) {
+    throw new Error('No password is set for this user.');
+  }
+
+  try {
+    return await bcrypt.compare(candidatePassword, this.password);
+  } catch (error) {
+    console.error('Password comparison failed!', error);
+    return false;
+  }
 };
 
 /**