diff --git a/plugins/generic-sessions/handlers.c b/plugins/generic-sessions/handlers.c index ccea5446..f80c8819 100644 --- a/plugins/generic-sessions/handlers.c +++ b/plugins/generic-sessions/handlers.c @@ -289,14 +289,19 @@ lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi, return 1; /* did a forgot pw ? */ - if (u.last_forgot_validated > lws_now_secs() - 300) + if (u.last_forgot_validated > lws_now_secs() - 300) { n |= LWSGS_AUTH_FORGOT_FLOW; + lwsl_debug("within forgot password flow\n"); + } } } + lwsl_debug("auth value %d\n", n); + /* if he just did forgot pw flow, don't need old pw */ - if (!(n & (LWSGS_AUTH_FORGOT_FLOW | 1))) { + if ((n & (LWSGS_AUTH_FORGOT_FLOW | 1)) != (LWSGS_AUTH_FORGOT_FLOW | 1)) { /* otherwise user:pass must be right */ + lwsl_debug("checking pw\n"); if (lwsgs_check_credentials(vhd, lws_spa_get_string(pss->spa, FGS_USERNAME), lws_spa_get_string(pss->spa, FGS_CURPW))) { @@ -304,6 +309,8 @@ lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi, return 1; } + lwsl_debug("current pw checks out\n"); + strncpy(u.username, lws_spa_get_string(pss->spa, FGS_USERNAME), sizeof(u.username) - 1); u.username[sizeof(u.username) - 1] = '\0'; }