Check if the password changed when user is not null

This commit is contained in:
Louis Lam 2023-10-22 00:50:47 +08:00
parent 9b599ccd1d
commit 87b2e45fbf
1 changed files with 5 additions and 5 deletions

View File

@ -318,12 +318,12 @@ let needSetup = false;
decoded.username,
]);
// Check if the password changed
if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
throw new Error("The token is invalid due to password change or old token");
}
if (user) {
// Check if the password changed
if (decoded.h !== shake256(user.password, SHAKE256_LENGTH)) {
throw new Error("The token is invalid due to password change or old token");
}
log.debug("auth", "afterLogin");
afterLogin(socket, user);
log.debug("auth", "afterLogin ok");