Skip to content

Commit

Permalink
🐛 Allowed administrators to change other users' passwords (#10891)
Browse files Browse the repository at this point in the history 
closes #10427

- Administrators don't know other users' passwords, but they should be able to change other users' password
- Don't require oldPassword to be provided
  • Loading branch information
@vikaspotluri123 @allouis
vikaspotluri123 authored and allouis committed Jul 15, 2019
1 parent b431dc5 commit 2823c0b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion core/server/api/v2/users.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ module.exports = {
data: {
newPassword: {required: true},
ne2Password: {required: true},
oldPassword: {required: true},
oldPassword: {required: false},
user_id: {required: true}
}
},
Expand Down

0 comments on commit 2823c0b

Please sign in to comment.