X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fcore%2FDefaultSecurityService.java;h=b9220b2692af7305657593944012b950cc96754c;hb=c95922edc1d65ef4ef568d66e29ab0bd679693ef;hp=23e2372c8a5b1adb171c7e5a462d3ddad0e62be3;hpb=5fdef8bfcf058d698a9be5bcc1ae8cdcbe4ce0f0;p=lgpl%2Fargeo-commons.git

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
index 23e2372c8..b9220b269 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/core/DefaultSecurityService.java
@@ -62,9 +62,9 @@ public class DefaultSecurityService implements ArgeoSecurityService {
 
 	public void updateCurrentUserPassword(String oldPassword, String newPassword) {
 		SimpleArgeoUser user = new SimpleArgeoUser(getCurrentUser());
-		if (!user.getPassword().equals(oldPassword))
+		if (!securityDao.isPasswordValid(user.getPassword(), oldPassword))
 			throw new ArgeoException("Old password is not correct.");
-		user.setPassword(newPassword);
+		user.setPassword(securityDao.encodePassword(newPassword));
 		securityDao.update(user);
 	}