Ensure we send proper password requirements on password reset

2016-01-26 15:21:03 +01:00
parent ee9c8ba4eb
commit 9b4c385a64
2 changed files with 10 additions and 0 deletions
@@ -316,6 +316,7 @@ function passwordReset(req, res, next) {

        // setPassword clears the resetToken
        user.setPassword(userObject.id, req.body.password, function (error, result) {
+            if (error && error.reason === UserError.BAD_PASSWORD) return next(new HttpError(406, 'Password does not meet the requirements'));
            if (error) return next(new HttpError(500, error));

            res.redirect(util.format('%s?accessToken=%s&expiresAt=%s', config.adminOrigin(), result.token, result.expiresAt));