From b6423f6313334ded7fedc5dbc2da3b79e145daa8 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Tue, 20 Dec 2011 09:53:05 -0700
Subject: [PATCH] fix old password check in update_password api - closes #114
---
 lib/wsapi/update_password.js | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/wsapi/update_password.js b/lib/wsapi/update_password.js
index b7698696e..9cbad100f 100644
--- a/lib/wsapi/update_password.js
+++ b/lib/wsapi/update_password.js
@@ -23,6 +23,11 @@ exports.process = function(req, res) {
 return res.json({ success: false });
 }
+ if (!success) {
+ logger.info("password update fails, incorrect old password");
+ return res.json({ success: false });
+ }
+
 logger.info("updating password for email " + req.session.authenticatedUser);
 wsapi.bcryptPassword(req.body.newpass, function(err, hash) {
 if (err) {
-- GitLab
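Review bot: The failure log added in the `if (!success)` branch does not name the account whose old password was rejected, although the success-path log two lines below includes `req.session.authenticatedUser`. Repeated wrong old-password submissions from an authenticated session are worth correlating per account, so the line could read `logger.info("password update fails, incorrect old password for " + req.session.authenticatedUser);`. The diffstat shows only this file changed, so the fix for #114 lands without a regression test; a test that submits a wrong old password and asserts `success: false` with the stored hash unchanged would keep the check from silently disappearing again. `exports.process` starts before the hunk and continues past it, so how `success` is produced, and whether failed attempts are throttled, is not visible here.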