From b3a58ccee132df6bef3c920c8c1ceaa3906da666 Mon Sep 17 00:00:00 2001
From: Michel Jung
Date: Wed, 16 May 2018 13:14:43 +0200
Subject: [PATCH] Properly compare passwords when changing email address
---
 src/main/java/com/faforever/api/user/UserService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/faforever/api/user/UserService.java b/src/main/java/com/faforever/api/user/UserService.java
index d4f615c48..fe14caf6f 100644
--- a/src/main/java/com/faforever/api/user/UserService.java
+++ b/src/main/java/com/faforever/api/user/UserService.java
@@ -191,7 +191,7 @@ private void createOrUpdateMauticContact(User user, String ipAddress) {
 }
 public void changeEmail(String currentPassword, String newEmail, User user, String ipAddress) {
- if (!Objects.equals(user.getPassword(), passwordEncoder.encode(currentPassword))) {
+ if (!passwordEncoder.matches(currentPassword, user.getPassword())) {
 throw new ApiException(new Error(ErrorCode.EMAIL_CHANGE_FAILED_WRONG_PASSWORD));
 }
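Review bot: The corrected password check in `changeEmail` lands without a regression test (the diffstat lists only UserService.java), so nothing prevents the comparison from drifting back to encode-then-equals. A test that calls `changeEmail` with the real encoder, once with the correct password and once expecting `EMAIL_CHANGE_FAILED_WRONG_PASSWORD`, would pin the behaviour; a test built on a mocked encoder would presumably have passed with the old line as well. A short comment above the `if` would record the reason, e.g. `// matches() verifies against the stored hash; a fresh encode() is not comparable when the encoder salts`. If other methods in this class still compare `passwordEncoder.encode(...)` output with `Objects.equals`, they likely need the same change; that cannot be confirmed from this hunk, and the body of `changeEmail` continues past it.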