From 7396a6d7ab0ace209ff3e94897f3276797eff59b Mon Sep 17 00:00:00 2001
From: Sahat Yalkabov <sakhat@gmail.com>
Date: Sat, 1 Feb 2014 03:39:11 -0500
Subject: [PATCH] Changed updatePassword controller validation to use
 express-validator instead of custom if statements

---
 controllers/user.js | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/controllers/user.js b/controllers/user.js
index e813dddd17..5dde93a8f0 100644
--- a/controllers/user.js
+++ b/controllers/user.js
@@ -141,13 +141,14 @@ exports.postUpdateProfile = function(req, res, next) {
  */
 
 exports.postUpdatePassword = function(req, res, next) {
-  if (!req.body.password) {
-    req.flash('errors', { msg: 'Password cannot be blank.' });
-    return res.redirect('/account');
-  }
+  req.assert('password', 'Password cannot be blank').notEmpty();
+  req.assert('password', 'Password must be at least 4 characters long').len(4);
+  req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
 
-  if (req.body.password !== req.body.confirmPassword) {
-    req.flash('errors', { msg: 'Passwords do not match.' });
+  var errors = req.validationErrors();
+
+  if (errors) {
+    req.flash('errors', errors);
     return res.redirect('/account');
   }