From 87b2e45fbf31be91d19d89e6bead3b9653a1cd6e Mon Sep 17 00:00:00 2001 From: Louis Lam Date: Sun, 22 Oct 2023 00:50:47 +0800 Subject: [PATCH] Check if the password changed when user is not null --- server/server.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/server.js b/server/server.js index d03c715db..f726790c2 100644 --- a/server/server.js +++ b/server/server.js @@ -318,12 +318,12 @@ let needSetup = false; decoded.username, ]); - // Check if the password changed - if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) { - throw new Error("The token is invalid due to password change or old token"); - } - if (user) { + // Check if the password changed + if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) { + throw new Error("The token is invalid due to password change or old token"); + } + log.debug("auth", "afterLogin"); afterLogin(socket, user); log.debug("auth", "afterLogin ok");