Check if the password changed when user is not null

1 year ago · 1a862e47ab
parent e64bf0e3fe
commit 1a862e47ab
1 changed files with 5 additions and 5 deletions
--- a/server/server.js
+++ b/server/server.js
@ -299,12 +299,12 @@ let needSetup = false;
                    decoded.username,
                ]);

-                // Check if the password changed
-                if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
-                    throw new Error("The token is invalid due to password change or old token");
-                }
-
                if (user) {
+                    // Check if the password changed
+                    if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
+                        throw new Error("The token is invalid due to password change or old token");
+                    }
+
                    log.debug("auth", "afterLogin");
                    afterLogin(socket, user);
                    log.debug("auth", "afterLogin ok");