From da4a3e41c6e6aedff4d4d89bc76fdf60ac5ef336 Mon Sep 17 00:00:00 2001
From: Vivek Santayana <me@viveksantayana.co.uk>
Date: Sat, 27 Aug 2022 09:42:48 +0100
Subject: [PATCH] Bugfix: Wrong account password for updating user

---
 ref-test/app/admin/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ref-test/app/admin/views.py b/ref-test/app/admin/views.py
index 5b49cde..ea66a53 100644
--- a/ref-test/app/admin/views.py
+++ b/ref-test/app/admin/views.py
@@ -215,7 +215,7 @@ def _update_user(id:str):
     if request.method == 'POST': 
         if not user: return jsonify({'error': 'User does not exist.'}), 400
         if form.validate_on_submit():
-            if not user.verify_password(request.form.get('confirm_password')): return jsonify({'error': 'Invalid password for your account.'}), 401
+            if not current_user.verify_password(request.form.get('confirm_password')): return jsonify({'error': 'Invalid password for your account.'}), 401
             success, message = user.update(
                 password = request.form.get('password'),
                 email = request.form.get('email'),