fix: errors thrown if no password sent in to profile edit route

NodeBB · Oct 8, 2020 · 7757f96 · 7757f96
1 parent 549ca11
commit 7757f96
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js
@@ -29,7 +29,7 @@ Users.update = async (req, res) => {
 	const [isAdminOrGlobalMod, canEdit, passwordMatch] = await Promise.all([
 		user.isAdminOrGlobalMod(req.user.uid),
 		privileges.users.canEdit(req.user.uid, req.params.uid),
-		user.isPasswordCorrect(req.body.uid, req.body.password, req.ip),
+		req.body.password ? user.isPasswordCorrect(req.body.uid, req.body.password, req.ip) : false,
 	]);
 
 	// Changing own email/username requires password confirmation