From 78735b7fb7e9a3ef508963df7332d53aae19e0ec Mon Sep 17 00:00:00 2001
From: Oliver Boehlk <ollitobiasb@gmail.com>
Date: Sun, 17 May 2020 10:36:39 +0200
Subject: [PATCH] bugfix backend feedback for password changes

---
 backend/index.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/index.js b/backend/index.js
index be7b6f5..c020d78 100644
--- a/backend/index.js
+++ b/backend/index.js
@@ -296,7 +296,7 @@ app.get('/API/resourcelist', function (req, res) {
 app.post("/API/user/setname", async function (req, res) {
     let { email, password } = req.body;
     if (email && password) {
-        if (DEBUG) return res.status(status.OK).send();
+        if (DEBUG) return res.status(status.OK).send("username changed");
         try {
             if (!await validatePassword(req.user.email, password))
                 return res.status(status.UNAUTHORIZED).send("wrong password supplied");
@@ -317,7 +317,7 @@ app.post("/API/user/setname", async function (req, res) {
 app.post("/API/user/setpassword", async function (req, res) {
     let { oldpassword, newpassword } = req.body;
     if (oldpassword && newpassword) {
-        if (DEBUG) return res.status(status.OK).send();
+        if (DEBUG) return res.status(status.OK).send("password changed");
         try {
             if (!await validatePassword(req.user.email, oldpassword))
                 return res.status(status.UNAUTHORIZED).send("wrong password supplied");
@@ -326,8 +326,8 @@ app.post("/API/user/setpassword", async function (req, res) {
         }
         connection.query(`UPDATE user SET password = ${mysql.escape(bcrypt.hashSync(newpassword, saltRounds))} WHERE email = ${mysql.escape(req.user.email)}`, function (err, rows) {
             if (err)
-                return res.status(status.INTERNAL_SERVER_ERROR).send("the username seems invalid or already taken - if you think this is an error contact the sys admin");
-            return res.status(status.OK).send("username changed");
+                return res.status(status.INTERNAL_SERVER_ERROR).send("the password could not be set - if you think this is an error contact the sys admin");
+            return res.status(status.OK).send("password changed");
         });
     } else {
         return res.status(status.BAD_REQUEST).send("invalid data supplied");