Only update bcrypt password rounds if the password actually matches

2017-06-02 11:02:03 +03:00 · 2017-06-02 11:02:03 +03:00 · b46f92c7d8
commit b46f92c7d8
parent 1f1b025b81
1 changed files with 1 additions and 1 deletions
--- a/src/server.js
+++ b/src/server.js
@ -287,7 +287,7 @@ function localAuth(client, user, password, callback) {
 	Helper.password
 		.compare(password, client.config.password)
 		.then(matching => {
-			if (Helper.password.requiresUpdate(client.config.password)) {
+			if (matching && Helper.password.requiresUpdate(client.config.password)) {
 				const hash = Helper.password.hash(password);

 				client.setPassword(hash, success => {