From 99bc74875edb44b4e679b17158511474cd575e10 Mon Sep 17 00:00:00 2001
From: Pitu <heyitspitu@gmail.com>
Date: Sat, 2 Mar 2019 22:36:16 +0900
Subject: Various password fixes

---
 src/api/routes/user/changePasswordPOST.js | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/api')

diff --git a/src/api/routes/user/changePasswordPOST.js b/src/api/routes/user/changePasswordPOST.js
index d73cff3..9cd621e 100644
--- a/src/api/routes/user/changePasswordPOST.js
+++ b/src/api/routes/user/changePasswordPOST.js
@@ -14,6 +14,12 @@ class changePasswordPOST extends Route {
 		if (!password || !newPassword) return res.status(401).json({ message: 'Invalid body provided' });
 		if (password === newPassword) return res.status(400).json({ message: 'Passwords have to be different' });
 
+		/*
+			Checks if the password is right
+		*/
+		const comparePassword = await bcrypt.compare(password, user.password);
+		if (!comparePassword) return res.status(401).json({ message: 'Current password is incorrect' });
+
 		if (newPassword.length < 6 || newPassword.length > 64) {
 			return res.status(400).json({ message: 'Password must have 6-64 characters' });
 		}
-- 
cgit v1.2.3