From b6423f6313334ded7fedc5dbc2da3b79e145daa8 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Tue, 20 Dec 2011 09:53:05 -0700
Subject: [PATCH] fix old password check in update_password api - closes #114

---
 lib/wsapi/update_password.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/wsapi/update_password.js b/lib/wsapi/update_password.js
index b7698696e..9cbad100f 100644
--- a/lib/wsapi/update_password.js
+++ b/lib/wsapi/update_password.js
@@ -23,6 +23,11 @@ exports.process = function(req, res) {
         return res.json({ success: false });
       }
 
+      if (!success) {
+        logger.info("password update fails, incorrect old password");
+        return res.json({ success: false });
+      }
+
       logger.info("updating password for email " + req.session.authenticatedUser);
       wsapi.bcryptPassword(req.body.newpass, function(err, hash) {
         if (err) {
-- 
GitLab