Password is updated even if the password and confirm password are not equal #16057
Description
Description:
A user can update the password from Update Profile section even if the password and confirm password fields are not equal. It takes the newly updated password as the input password field ignoring the value of input confirm-password field.
Gif for the issue:
Steps to reproduce:
- Go to My accounts.
- Click on Profile
- Enter different values of password and confirm password.
- Click "Save Changes" button.
- Enter current password.
- Click Save.
- Boom. You get password updated toast message and your password is updated.
Expected behavior:
It should not be able to update profile if password and confirm mismatch occur.
Actual behavior:
It's updating the password even if the password and confirm password fields are not equal.
Server Setup Information:
- Version of Rocket.Chat Server: 3.0.0-develop
- Operating System: ubuntu
- Deployment Method: meteor
- NodeJS Version: 8.16.2 - x64
- MongoDB Version: 4.0.6
Additional context
I am working on it.