fix: #7593, unable to set account password if no password set

6 years ago · 80c0d579e3
parent a97e97b9c3
commit 80c0d579e3
1 changed files with 10 additions and 4 deletions
--- a/src/user/profile.js
+++ b/src/user/profile.js
@ -319,14 +319,20 @@ module.exports = function (User) {
 				User.isPasswordValid(data.newPassword, next);
 			},
 			function (next) {
-				User.isAdministrator(uid, next);
+				async.parallel({
+					isAdmin: async.apply(User.isAdministrator, uid),
+					hasPassword: async.apply(User.hasPassword, uid),
+				}, next);
 			},
-			function (isAdmin, next) {
-				if (meta.config['password:disableEdit'] && !isAdmin) {
+			function (checks, next) {
+				if (meta.config['password:disableEdit'] && !checks.isAdmin) {
 					return next(new Error('[[error:no-privileges]]'));
 				}

-				if (isAdmin && parseInt(uid, 10) !== parseInt(data.uid, 10)) {
+				if (
+					(checks.isAdmin && parseInt(uid, 10) !== parseInt(data.uid, 10)) ||		// Admins ok
+					(!checks.hasPassword && parseInt(uid, 10) === parseInt(data.uid, 10))	// Initial password set ok
+				) {
 					return next(null, true);
 				}