From 1a862e47ab5a15b96e0903a8de4dc6ba710d4472 Mon Sep 17 00:00:00 2001 From: Louis Lam Date: Mon, 23 Oct 2023 06:21:39 +0800 Subject: [PATCH] Check if the password changed when user is not null --- server/server.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/server.js b/server/server.js index e8132cb9..6baf343e 100644 --- a/server/server.js +++ b/server/server.js @@ -299,12 +299,12 @@ let needSetup = false; decoded.username, ]); - // Check if the password changed - if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) { - throw new Error("The token is invalid due to password change or old token"); - } - if (user) { + // Check if the password changed + if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) { + throw new Error("The token is invalid due to password change or old token"); + } + log.debug("auth", "afterLogin"); afterLogin(socket, user); log.debug("auth", "afterLogin ok");