From 87b2e45fbf31be91d19d89e6bead3b9653a1cd6e Mon Sep 17 00:00:00 2001
From: Louis Lam <louislam@users.noreply.github.com>
Date: Sun, 22 Oct 2023 00:50:47 +0800
Subject: [PATCH] Check if the password changed when user is not null

---
 server/server.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/server.js b/server/server.js
index d03c715db5..f726790c2d 100644
--- a/server/server.js
+++ b/server/server.js
@@ -318,12 +318,12 @@ let needSetup = false;
                     decoded.username,
                 ]);
 
-                // Check if the password changed
-                if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
-                    throw new Error("The token is invalid due to password change or old token");
-                }
-
                 if (user) {
+                    // Check if the password changed
+                    if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
+                        throw new Error("The token is invalid due to password change or old token");
+                    }
+
                     log.debug("auth", "afterLogin");
                     afterLogin(socket, user);
                     log.debug("auth", "afterLogin ok");