From 7757f965eb29670a9569d4e05b897251f83b782a Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 1 Oct 2020 16:58:29 -0400
Subject: [PATCH] fix: errors thrown if no password sent in to profile edit
 route

---
 src/controllers/write/users.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js
index 74f358c2f7..f571e27fb4 100644
--- a/src/controllers/write/users.js
+++ b/src/controllers/write/users.js
@@ -29,7 +29,7 @@ Users.update = async (req, res) => {
 	const [isAdminOrGlobalMod, canEdit, passwordMatch] = await Promise.all([
 		user.isAdminOrGlobalMod(req.user.uid),
 		privileges.users.canEdit(req.user.uid, req.params.uid),
-		user.isPasswordCorrect(req.body.uid, req.body.password, req.ip),
+		req.body.password ? user.isPasswordCorrect(req.body.uid, req.body.password, req.ip) : false,
 	]);
 
 	// Changing own email/username requires password confirmation