From 0ccb8364448d27ea07c8b11972ff454d610893c6 Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Sun, 14 Jan 2024 14:14:07 +0100
Subject: [PATCH] fix: password can be changed with wrong password
---
 backend/src/auth/auth.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/auth/auth.service.ts b/backend/src/auth/auth.service.ts
index d46c14c8..35453f7f 100644
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -139,7 +139,7 @@ export class AuthService {
 async updatePassword(user: User, newPassword: string, oldPassword?: string) {
 const isPasswordValid =
- !user.password || !(await argon.verify(user.password, oldPassword));
+ !user.password || await argon.verify(user.password, oldPassword);
 if (!isPasswordValid) throw new ForbiddenException("Invalid password");
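Review bot: `oldPassword` is declared optional, so on the new `isPasswordValid` line an account that has a stored hash but receives no `oldPassword` still passes `undefined` into `argon.verify`; depending on the library this presumably throws and surfaces as a server error instead of the `ForbiddenException`, rather than being rejected by an explicit check. Making the guard explicit keeps the failure closed and typed: `!user.password || (!!oldPassword && (await argon.verify(user.password, oldPassword)));`. Because the previous inverted condition accepted any wrong password, a regression test covering wrong, missing and correct `oldPassword` would be worth adding with this fix; the diffstat shows only the service file changed. The body of `updatePassword` continues outside the hunk.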