From b3a58ccee132df6bef3c920c8c1ceaa3906da666 Mon Sep 17 00:00:00 2001
From: Michel Jung <michel.jung89@gmail.com>
Date: Wed, 16 May 2018 13:14:43 +0200
Subject: [PATCH] Properly compare passwords when changing email address

---
 src/main/java/com/faforever/api/user/UserService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/faforever/api/user/UserService.java b/src/main/java/com/faforever/api/user/UserService.java
index d4f615c48..fe14caf6f 100644
--- a/src/main/java/com/faforever/api/user/UserService.java
+++ b/src/main/java/com/faforever/api/user/UserService.java
@@ -191,7 +191,7 @@ private void createOrUpdateMauticContact(User user, String ipAddress) {
   }
 
   public void changeEmail(String currentPassword, String newEmail, User user, String ipAddress) {
-    if (!Objects.equals(user.getPassword(), passwordEncoder.encode(currentPassword))) {
+    if (!passwordEncoder.matches(currentPassword, user.getPassword())) {
       throw new ApiException(new Error(ErrorCode.EMAIL_CHANGE_FAILED_WRONG_PASSWORD));
     }