From: PhiTux <redacted>
Date: Thu, 18 Sep 2025 17:50:14 +0000 (+0200)
Subject: fixed backup-code usage on username-change
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=9770a2928eab84d1ad2cad1323db5de00532d53c;p=DailyTxT.git

fixed backup-code usage on username-change
---

diff --git a/backend/handlers/users.go b/backend/handlers/users.go
index 1cd6b61..435c895 100644
--- a/backend/handlers/users.go
+++ b/backend/handlers/users.go
@@ -1067,6 +1067,16 @@ func ChangeUsername(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// check password
+	derivedKey, availableBackupCodes, err := utils.CheckPasswordForUser(userID, req.Password)
+	if err != nil || len(derivedKey) == 0 {
+		utils.JSONResponse(w, http.StatusOK, map[string]any{
+			"success":            false,
+			"password_incorrect": true,
+		})
+		return
+	}
+
 	// Get users
 	users, err := utils.GetUsers()
 	if err != nil {
@@ -1107,16 +1117,6 @@ func ChangeUsername(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	// check password
-	derivedKey, availableBackupCodes, err := utils.CheckPasswordForUser(userID, req.Password)
-	if err != nil || len(derivedKey) == 0 {
-		utils.JSONResponse(w, http.StatusOK, map[string]any{
-			"success":            false,
-			"password_incorrect": true,
-		})
-		return
-	}
-
 	// Update username
 	for _, u := range usersList {
 		user, ok := u.(map[string]any)