From e24f3472aefd041647e89652bc294cb4958ccc3c Mon Sep 17 00:00:00 2001
From: rammohan-y <37395033+rammohan-y@users.noreply.github.com>
Date: Wed, 9 Apr 2025 19:02:15 +0530
Subject: [PATCH] user should be able to change the temprary password (#407)

Refer to https://github.com/jambonz/jambonz-api-server/issues/406
---
 lib/middleware.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/middleware.js b/lib/middleware.js
index 245deb6..db41a80 100644
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -33,6 +33,10 @@ function verifyViewOnlyUser(req, res, next) {
   if (req.method === 'GET') {
     return next();
   }
+  // current user is changing their password which shuould be allowed
+  if (req.body?.old_password && req.body?.new_password) {
+    return next();
+  }
   // Check if user is read-only
   if (req.user && !!req.user.is_view_only) {
     const upError = new UserPermissionError('User has view-only access');