From b46f92c7d8a07e84f49a550b32204c0a0672e831 Mon Sep 17 00:00:00 2001 From: Pavel Djundik Date: Fri, 2 Jun 2017 11:02:03 +0300 Subject: [PATCH] Only update bcrypt password rounds if the password actually matches --- src/server.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server.js b/src/server.js index db92efe7..13406884 100644 --- a/src/server.js +++ b/src/server.js @@ -287,7 +287,7 @@ function localAuth(client, user, password, callback) { Helper.password .compare(password, client.config.password) .then(matching => { - if (Helper.password.requiresUpdate(client.config.password)) { + if (matching && Helper.password.requiresUpdate(client.config.password)) { const hash = Helper.password.hash(password); client.setPassword(hash, success => {