fixed backup-code usage on username-change

author PhiTux <redacted>

Thu, 18 Sep 2025 17:50:14 +0000 (19:50 +0200)

committer PhiTux <redacted>

Thu, 18 Sep 2025 17:50:14 +0000 (19:50 +0200)
author PhiTux <redacted>
Thu, 18 Sep 2025 17:50:14 +0000 (19:50 +0200)
committer PhiTux <redacted>
Thu, 18 Sep 2025 17:50:14 +0000 (19:50 +0200)
diff --git a/backend/handlers/users.go b/backend/handlers/users.go

index 1cd6b612fffe05f9938640e35a954424ebbda1ac..435c89575b1661ed378d397ed5c0ffcf7971b849 100644 (file)
--- a/backend/handlers/users.go
+++ b/backend/handlers/users.go
@@ -1067,6 +1067,16 @@ func ChangeUsername(w http.ResponseWriter, r *http.Request) {
                 return
         }
  
+       // check password
+       derivedKey, availableBackupCodes, err := utils.CheckPasswordForUser(userID, req.Password)
+       if err != nil || len(derivedKey) == 0 {
+               utils.JSONResponse(w, http.StatusOK, map[string]any{
+                       "success":            false,
+                       "password_incorrect": true,
+               })
+               return
+       }
+
         // Get users
         users, err := utils.GetUsers()
         if err != nil {
@@ -1107,16 +1117,6 @@ func ChangeUsername(w http.ResponseWriter, r *http.Request) {
                 }
         }
  
-       // check password
-       derivedKey, availableBackupCodes, err := utils.CheckPasswordForUser(userID, req.Password)
-       if err != nil || len(derivedKey) == 0 {
-               utils.JSONResponse(w, http.StatusOK, map[string]any{
-                       "success":            false,
-                       "password_incorrect": true,
-               })
-               return
-       }
-
         // Update username
         for _, u := range usersList {
                 user, ok := u.(map[string]any)
author	PhiTux <redacted>
	Thu, 18 Sep 2025 17:50:14 +0000 (19:50 +0200)
committer	PhiTux <redacted>
	Thu, 18 Sep 2025 17:50:14 +0000 (19:50 +0200)