From 462440bb30dcf2d3e797a097386354ef9d1a9a60 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan <girish@cloudron.io>
Date: Thu, 2 Jun 2016 14:25:59 -0700
Subject: [PATCH] do not check for password in profile route

This is already checked by the verifyPassword middleware based on
the token type.

When using dev tokens, this check barfs for lack of password field
even when none is required.
---
 src/routes/profile.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/routes/profile.js b/src/routes/profile.js
index 951a5e4f9..035efba34 100644
--- a/src/routes/profile.js
+++ b/src/routes/profile.js
@@ -57,7 +57,6 @@ function changePassword(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
     assert.strictEqual(typeof req.user, 'object');
 
-    if (typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be set to old password'));
     if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));
 
     user.setPassword(req.user.id, req.body.newPassword, function (error) {