From ea1e13ead6c2eb9ef6d37dc63bfade6f416433bc Mon Sep 17 00:00:00 2001 From: Filip Gralinski Date: Sat, 18 Feb 2017 11:10:39 +0100 Subject: [PATCH] admins password cannot be reset --- Handler/AccountReset.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Handler/AccountReset.hs b/Handler/AccountReset.hs index 5daf5ee..f9bee2d 100644 --- a/Handler/AccountReset.hs +++ b/Handler/AccountReset.hs @@ -91,7 +91,7 @@ doResetPassword key (Just userId) (Just password) = do doResetPassword' (isPasswordAcceptable password) key userId password doResetPassword key Nothing _ = do - runDB $ updateWhere [UserVerificationKey ==. Just key] removeVerificationKeyStatement + runDB $ updateWhere [UserVerificationKey ==. Just key, UserIsAdmin ==. False] removeVerificationKeyStatement master <- getYesod defaultLayout $ do setTitle "Reset password"