From d41a06baf1140ac913c0570e3b129a086229c2d8 Mon Sep 17 00:00:00 2001
From: AKP
Date: Sun, 28 Jan 2024 15:22:17 +0000
Subject: [PATCH] Fix mismatching passwords preventing registration

If a user entered a non-matching password pair when registering, they would be unable to complete registration as the old password pair was retained inside the ancilliary request data and would override the form.
---
 internal/httpcore/endpoints_auth.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/internal/httpcore/endpoints_auth.go b/internal/httpcore/endpoints_auth.go
index c606829..1b8272a 100644
--- a/internal/httpcore/endpoints_auth.go
+++ b/internal/httpcore/endpoints_auth.go
@@ -147,6 +147,18 @@ func (endpoints) authLogin(ctx *fiber.Ctx) error {
 if requestData.PasswordConfirmation != requestData.Password {
 requestProblem = "Passwords do not match."
+
+ // Since unregisteredAskPassword still includes previous request data, we need to remove the old passwords to prevent them from overriding the new passwords the user will input.
+ // If this were not done, a user that entered an non-matching password pair would never be able to set their password.
+
+ requestData.Password = ""
+ requestData.PasswordConfirmation = ""
+
+ requestDataJSON, err = json.Marshal(&requestData)
+ if err != nil {
+ return fmt.Errorf("authLogin marshal request data to JSON after removing passwords: %w", err)
+ }
+
 goto unregisteredAskPassword
 }
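Review bot: The submitted password pair is blanked and `requestDataJSON` re-marshalled only inside the mismatch branch, so any other path in authLogin that jumps to `unregisteredAskPassword` would presumably still carry the plaintext `Password` and `PasswordConfirmation` in the ancillary request data. Whether such paths exist cannot be confirmed here, because authLogin begins and ends outside this hunk. Since the commit message says the pair was retained in that data, the clearing and re-marshal would be safer done once, directly before the ancillary data is produced for the ask-password step, so no validation failure can round-trip a password back to the client. A comment at that point such as `// password fields must never be serialised into ancillary request data` would record the invariant for later edits.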