Some improvments to password handling (#3549)

author: Christopher Speller <crspeller@gmail.com> 2016-07-12 10:09:04 -0400
committer: Harrison Healey <harrisonmhealey@gmail.com> 2016-07-12 10:09:04 -0400
commit: c976c2881ce5e34febac8a9850a6bad5d728625e (patch)
tree: 7fea777c1c9ba386d97dbdaa2e0b8c83cc419056 /api/user.go
parent: 128e4f984ad565297ab1c7b8921d877d3a9c8f03 (diff)
download: chat-c976c2881ce5e34febac8a9850a6bad5d728625e.tar.gz
chat-c976c2881ce5e34febac8a9850a6bad5d728625e.tar.bz2
chat-c976c2881ce5e34febac8a9850a6bad5d728625e.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/api/user.go b/api/user.go
index bb2f1c794..7dd26efd6 100644
--- a/api/user.go
+++ b/api/user.go
@@ -1388,8 +1388,12 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !model.ComparePassword(user.Password, currentPassword) {
-		c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "")
+	if err := doubleCheckPassword(user, currentPassword); err != nil {
+		if err.Id == "api.user.check_user_password.invalid.app_error" {
+			c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "")
+		} else {
+			c.Err = err
+		}
 		c.Err.StatusCode = http.StatusForbidden
 		return
 	}
author	Christopher Speller <crspeller@gmail.com>	2016-07-12 10:09:04 -0400
committer	Harrison Healey <harrisonmhealey@gmail.com>	2016-07-12 10:09:04 -0400
commit	c976c2881ce5e34febac8a9850a6bad5d728625e (patch)
tree	7fea777c1c9ba386d97dbdaa2e0b8c83cc419056 /api/user.go
parent	128e4f984ad565297ab1c7b8921d877d3a9c8f03 (diff)
download	chat-c976c2881ce5e34febac8a9850a6bad5d728625e.tar.gz chat-c976c2881ce5e34febac8a9850a6bad5d728625e.tar.bz2 chat-c976c2881ce5e34febac8a9850a6bad5d728625e.zip