src/utils/auth.rs

@@ -288,8 +288,8 @@ pub async fn update_password(
     };
 
     let user_row = match conn.query_row(
-        "SELECT password, id FROM users WHERE username = ?1 AND current_password = ?2",
+        "SELECT password, id FROM users WHERE username = ?1",
-        params![&payload.username, &payload.current_password],
+        params![&payload.username],
         |row|{
             let password: String = row.get(0)?;
             let id: i32 = row.get(1)?;
@@ -297,7 +297,7 @@ pub async fn update_password(
         },
     ).optional() {
         Ok(opt) => opt,
-        Err(_) => return (StatusCode::INTERNAL_SERVER_ERROR, "DB query error")
+        Err(e) => return (StatusCode::INTERNAL_SERVER_ERROR, format!("DB query error: {}", e ))
         .into_response(),
     };
     
@@ -307,7 +307,7 @@ pub async fn update_password(
         .into_response(),
     };
     
-    if verify_password( &payload.current_password, &password ) {
+    if !verify_password( &payload.current_password, &password ) {
         return (StatusCode::UNAUTHORIZED, "Invalid Password").into_response()
     };