amazingandyyy · Avijit-roy · Jan 6, 2026
diff --git a/server/src/user/controller.js b/server/src/user/controller.js
@@ -1,24 +1,36 @@
 import UserModel from './model';
 
 export default {
-    updateProfile: (req, res, next) => {
-        req.user.comparedPassword(req.body.password, (err, good) => {
-            if (err || !good) return res.status(401).send(err || 'Incorrect Password')
-            const userId = req.user._id;
-            const newProfile = {
-                name: {
-                    first: req.body.firstName, 
-                    last: req.body.lastName
-                }
-            };
-            delete newProfile.email;
-            delete newProfile.phone;
-            delete newProfile.password;
-
-            UserModel.findByIdAndUpdate(userId, newProfile, {new: true})
-            .then(() => res.sendStatus(200))
-            .catch(next)
-        })
+  updateProfile: async (req, res, next) => {
+    try {
+      const { password, firstName, lastName } = req.body;
+
+      // Validate required fields
+      if (!password || !firstName || !lastName) {
+        return res.status(400).json({ error: 'Missing required fields' });
+      }
+
+      // Verify password
+      const isValidPassword = await req.user.comparePassword(password);
+      if (!isValidPassword) {
+        return res.status(401).json({ error: 'Incorrect password' });
+      }
+
+      // Update only safe fields
+      const updatedUser = await UserModel.findByIdAndUpdate(
+        req.user._id,
+        {
+          name: {
+            first: firstName,
+            last: lastName
+          }
+        },
+        { new: true, runValidators: true }
+      );
+
+      res.status(200).json({ user: updatedUser });
+    } catch (error) {
+      next(error);
     }
-    
-}
+  }
+};