From 47561ce3edc996392f11dd6c50cfe326efa8bfec Mon Sep 17 00:00:00 2001
From: Amos Haviv
Date: Mon, 31 Mar 2014 02:39:07 +0300
Subject: [PATCH] Fixed password hashing in general
---
 app/controllers/users.js | 72 ++++++++++++++++++----------------------
 app/models/user.js | 6 +++-
 2 files changed, 38 insertions(+), 40 deletions(-)
diff --git a/app/controllers/users.js b/app/controllers/users.js
index bcbc245884..e2ff8f4b99 100755
--- a/app/controllers/users.js
+++ b/app/controllers/users.js
@@ -129,56 +129,50 @@ exports.changePassword = function(req, res, next) {
 var passwordDetails = req.body;
 var message = null;
- if (passwordDetails.currentPassword) {
- if (req.user) {
- User.findById(req.user.id, function(err, user) {
- if (!err && user) {
- if (user.authenticate(passwordDetails.currentPassword)) {
- if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
- user.password = passwordDetails.newPassword;
-
- user.save(function(err) {
- if (err) {
- return res.send(400, {
- message: getErrorMessage(err)
- });
- } else {
- req.login(user, function(err) {
- if (err) {
- res.send(400, err);
- } else {
- res.send({
- message: 'Password changed successfully'
- });
- }
- });
- }
- });
+ if (req.user) {
+ User.findById(req.user.id, function(err, user) {
+ if (!err && user) {
+ if (user.authenticate(passwordDetails.currentPassword)) {
+ if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
+ user.password = passwordDetails.newPassword;
+
+ user.save(function(err) {
+ if (err) {
+ return res.send(400, {
+ message: getErrorMessage(err)
+ });
+ } else {
+ req.login(user, function(err) {
+ if (err) {
+ res.send(400, err);
+ } else {
+ res.send({
+ message: 'Password changed successfully'
+ });
+ }
+ });
+ }
+ });
- } else {
- res.send(400, {
- message: 'Passwords do not match'
- });
- }
 } else {
 res.send(400, {
- message: 'Current password is incorrect'
+ message: 'Passwords do not match'
 });
 }
 } else {
 res.send(400, {
- message: 'User is not found'
+ message: 'Current password is incorrect'
 });
 }
- });
- } else {
- res.send(400, {
- message: 'User is not signed in'
- });
- }
+ } else {
+ res.send(400, {
+ message: 'User is not found'
+ });
+ }
+ });
 } else {
 res.send(400, {
- message: 'Please fill current password'
+ message: 'User is not signed in'
 });
 }
 };
diff --git a/app/models/user.js b/app/models/user.js
index 6549d2508b..30d12bb12d 100755
--- a/app/models/user.js
+++ b/app/models/user.js
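Review bot: With the `if (passwordDetails.currentPassword)` guard gone, the new `changePassword` passes `undefined` to `user.authenticate(...)` when the field is absent, and the only check on the new password is `newPassword === verifyPassword`, which also holds when both are missing, so `user.password` can be assigned `undefined` and handed to `user.save`. Together with the `hashPassword` change in app/models/user.js, which returns a falsy password unchanged, an account whose stored password is unset (presumably a provider-only login) would pass the current-password check with an empty candidate; whether that is intended for such accounts should be confirmed. I would reject empty input before `User.findById`: `if (!passwordDetails.newPassword) { return res.send(400, { message: 'Please provide a new password' }); }`, and either restore the current-password requirement or leave a comment explaining why it was dropped. The `res.send(400, err)` in the `req.login` callback also returns the raw error object to the client; `res.send(400, { message: getErrorMessage(err) })`, as used a few lines above, would be consistent and leak less.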
@@ -92,7 +92,11 @@ UserSchema.pre('save', function(next) {
 * Create instance method for hashing a password
 */
 UserSchema.methods.hashPassword = function(password) {
- return crypto.pbkdf2Sync(password, this.salt, 10000, 64).toString('base64');
+ if (password) {
+ return crypto.pbkdf2Sync(password, this.salt, 10000, 64).toString('base64');
+ } else {
+ return password;
+ }
 };
 /**
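Review bot: `hashPassword` now echoes a falsy `password` back unchanged, so `hashPassword(undefined) === undefined` and `hashPassword('') === ''`; any caller that tests `this.password === this.hashPassword(candidate)` (which is what `authenticate` appears to do, though it is outside this hunk) will accept an empty candidate for a user whose stored password is also empty or unset. Letting a missing password through so the pre-save hook can skip hashing is fine, but the comparison side must then reject empty input itself, e.g. in `authenticate`: `return Boolean(password) && this.password === this.hashPassword(password);`. A comment on the new branch would make that contract explicit: `// Falsy input is returned as-is (not hashed); never use the result for an equality check.` Note that `this.salt` is not checked either, and `crypto.pbkdf2Sync` will throw rather than return for a document that has no salt yet.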