diff options
author | Christopher Speller <crspeller@gmail.com> | 2016-07-12 10:09:04 -0400 |
---|---|---|
committer | Harrison Healey <harrisonmhealey@gmail.com> | 2016-07-12 10:09:04 -0400 |
commit | c976c2881ce5e34febac8a9850a6bad5d728625e (patch) | |
tree | 7fea777c1c9ba386d97dbdaa2e0b8c83cc419056 /api/user.go | |
parent | 128e4f984ad565297ab1c7b8921d877d3a9c8f03 (diff) | |
download | chat-c976c2881ce5e34febac8a9850a6bad5d728625e.tar.gz chat-c976c2881ce5e34febac8a9850a6bad5d728625e.tar.bz2 chat-c976c2881ce5e34febac8a9850a6bad5d728625e.zip |
Some improvments to password handling (#3549)
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/api/user.go b/api/user.go index bb2f1c794..7dd26efd6 100644 --- a/api/user.go +++ b/api/user.go @@ -1388,8 +1388,12 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.ComparePassword(user.Password, currentPassword) { - c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "") + if err := doubleCheckPassword(user, currentPassword); err != nil { + if err.Id == "api.user.check_user_password.invalid.app_error" { + c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "") + } else { + c.Err = err + } c.Err.StatusCode = http.StatusForbidden return } |