Various password fixes

2 files changed, 8 insertions, 2 deletions

diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js
index d73cff3..9cd621e 100644
--- a/src/api/routes/user/changePasswordPOST.js
+++ b/src/api/routes/user/changePasswordPOST.js
@@ -14,6 +14,12 @@ class changePasswordPOST extends Route {
 		if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' });
 		if (password === newPassword) return res.status(400).json({ message: 'Passwords have to be different' });
 
+		/*
+			Checks if the password is right
+		*/
+		const comparePassword = await bcrypt.compare(password, user.password);
+		if (!comparePassword) return res.status(401).json({ message: 'Current password is incorrect' });
+
 		if (newPassword.length < 6 || newPassword.length > 64) {
 			return res.status(400).json({ message: 'Password must have 6-64 characters' });
 		}
diff --git a/src/site/pages/dashboard/account.vue b/src/site/pages/dashboard/account.vue
index 8e3bc65..3ff6c70 100644
--- a/src/site/pages/dashboard/account.vue
+++ b/src/site/pages/dashboard/account.vue
@@ -114,8 +114,8 @@ export default {
 			}
 		},
 		async changePassword() {
-			if (!this.user.password || !this.user.newPassword || !this.user.reNewPassword) return;
-			if (this.user.newPassword !== this.user.reNewPassword) return;
+			if (!this.user.password || !this.user.newPassword || !this.user.reNewPassword) return this.$showToast('One or more fields are missing', true);
+			if (this.user.newPassword !== this.user.reNewPassword) return this.$showToast('Passwords don\'t match', true);
 
 			try {
 				const response = await this.axios.post(`${this.config.baseURL}/user/password/change`,