nsc-events-fullstack_31_143_password-reuse-validation#147

Open
jmathew12 wants to merge 5 commits into main from 143-missing-password-reuse-validation

jmathew12 commented Feb 1, 2026

Summary & Changes 📃

  • Resolves: Missing Password Reuse Validation #143

  • Summary: (Briefly describe what this PR does)

    • 🔨 What does this issue fix?
    • Currently, the password reset workflow allows users to reset their credentials to the same password they are already using.

This behavior results in:

redundant password hashing & higher compute usage,
unnecessary write operations & increased database transaction volume.
Repeated no-op (no operation) password updates create unnecessary load on the database, increasing compute, storage, and replication costs in managed services like AWS. At scale, this behavior inflates infrastructure costs without improving security or user experience.

To prevent this, enforce a validation during password resets to block the reuse of current or previously used passwords.

  • 👀 What is the expected behavior?

  • Validation checks will run accordingly and the dialog will display "Cannot use the same password" when trying to reset with a duplicate password.

  • 🗨️ Any relevant technical details?

  • Changes:

    • ✅ List key changes made
    • 🛠️ Mention breaking changes (if any)
    • 🔗 Link relevant discussions/issues
    • 📝 Additional info to assist developers & reviewers
      Added password checks to see if the new password is the same as the current one; if yes, display an error and do nothing to the DB.
      A new task could be to keep a history of all the previous passwords and not allow users to use any of the old passwords.

Screenshots / Visual Aids 🔎

📌 Required for: UI changes, layout updates, or bug fixes.

[Screencast from 2026-01-31 23-50-11.webm](https://github.com/user-attachments/assets/70162c95-9310-446e-8f21-b2bd31121486)

How to Test 🧪

  1. Steps to Reproduce:
    • Step 1: Start the front end and back end
    • Step 2: login
    • Step 3: go to profile
    • Step 4: click change password
    • Step 5: enter current password for all three fields
    • Step 6: click change password
  2. Expected Behavior: (Describe what should happen)
    Should see a message on the screen saying new password should be different than the current password
  3. Actual Behavior (if bug): (Describe what happens instead)

Checklist ✅

  • I have tested this PR locally and it works as expected.
  • This PR resolves an issue (Missing Password Reuse Validation #143).
  • Reviewers, assignees(self), tags, and labels are correctly assigned.
  • Squash commits and enable auto-merge if approved.

jmathew12 self-assigned this Feb 1, 2026
jmathew12 linked an issue Feb 1, 2026 that may be closed by this pull request
jmathew12 marked this pull request as draft February 1, 2026 07:03
jmathew12 requested review from a team, Bejarano03, BradleyCharles, IsaacJrTypes, JesseCaddell, NSCADprogram, ParysUnangst, bcko and taylorpapke and removed request for a team February 1, 2026 07:55
jmathew12 marked this pull request as ready for review February 1, 2026 07:56
jmathew12 marked this pull request as draft February 1, 2026 07:57
jmathew12 marked this pull request as ready for review February 1, 2026 08:01
jmathew12 marked this pull request as draft February 2, 2026 05:37

TVW96 left a comment

I tested and the duplicate password was successfully declined. Good work!

You can move this out of draft and into review.

test_reuse_password.mov

jmathew12 marked this pull request as ready for review February 5, 2026 08:46

github-actions bot commented Feb 6, 2026

E2E Test Results

  • Total: 100
  • Passed: 100
  • Failed: 0

NahomAlemu requested review from NahomAlemu and removed request for Bejarano03 and ParysUnangst February 19, 2026 20:17

NahomAlemu left a comment

I confirm that this PR adds password reuse validation to prevent users from setting their new password to their current password. The backend now checks if the new password matches the current one in both resetPassword and changePassword flows, throwing a BadRequestException with a clear message. The tests were updated accordingly, though there are some commented-out lines that should be removed for cleaner code.

password_pr.mov
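
The reuse check discussed in this thread, together with the password-history follow-up suggested in the PR description, sketched as an added example in plain Node.js; it is not code from this pull request or repository. `hashPassword`, `verifyPassword`, `changePassword`, `PasswordReuseError`, the user object shape and the scrypt `salt:hash` storage format are all assumptions made for illustration.

```javascript
// Added example, not the project's code. All names and the storage format are hypothetical.
const { scryptSync, randomBytes, timingSafeEqual } = require("node:crypto");

// Hash a password with a fresh random salt; stored form is "saltHex:hashHex".
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, 32);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

// Re-derive the hash with the stored salt and compare in constant time.
// Two hashes of the same password differ because of the salt, so reuse
// cannot be detected by comparing stored hash strings with each other.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(":");
  const expected = Buffer.from(hashHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return timingSafeEqual(actual, expected);
}

// Stand-in for the framework's bad-request exception.
class PasswordReuseError extends Error {}

// user = { passwordHash, passwordHistory: [older hashes, newest first] }.
// Rejects before any new hash or write when the candidate matches the
// current password or one of the remembered previous passwords.
function changePassword(user, newPassword, historyDepth = 3) {
  const remembered = [user.passwordHash, ...user.passwordHistory.slice(0, historyDepth)];
  if (remembered.some((stored) => verifyPassword(newPassword, stored))) {
    throw new PasswordReuseError("Cannot use the same password");
  }
  return {
    passwordHash: hashPassword(newPassword),
    passwordHistory: [user.passwordHash, ...user.passwordHistory].slice(0, historyDepth),
  };
}
```

Only salted hashes are kept in the history, so the history check costs one key derivation per remembered entry; `historyDepth` bounds that cost.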

Development

Successfully merging this pull request may close these issues.

Missing Password Reuse Validation

3 participants