iio/pingvin-share
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: password can be changed with wrong password

Browse Source
This commit is contained in:
Elias Schneider
2024-01-14 14:14:07 +01:00
parent 067652aa80
commit 0ccb836444
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/auth/auth.service.ts
View File

@@ -139,7 +139,7 @@ export class AuthService {
async updatePassword(user: User, newPassword: string, oldPassword?: string) { async updatePassword(user: User, newPassword: string, oldPassword?: string) {
const isPasswordValid = const isPasswordValid =
!user.password || !(await argon.verify(user.password, oldPassword)); !user.password || await argon.verify(user.password, oldPassword);
if (!isPasswordValid) throw new ForbiddenException("Invalid password"); if (!isPasswordValid) throw new ForbiddenException("Invalid password");