From 41d1f9d26f8b34f54abcfbb4c32642aad2129475 Mon Sep 17 00:00:00 2001
From: si458 <simonsmith5521@gmail.com>
Date: Mon, 30 Sep 2024 17:30:07 +0100
Subject: [PATCH] Revert "allow password resets when using allowaccountreset
 and reset together #6261"

This reverts commit 8e5aa35bf3ba169611a074b24a32cf944264f443.
---
 webserver.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webserver.js b/webserver.js
index 7ef83adad8..1e88f3d3ce 100644
--- a/webserver.js
+++ b/webserver.js
@@ -1635,7 +1635,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
         const sec = parent.decryptSessionData(req.session.e);
 
         // Check everything is ok
-        const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (typeof domain.passwordrequirements.reset === 'number' && domain.passwordrequirements.allowaccountreset !== false));
+        const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.allowaccountreset !== false));
         if ((allowAccountReset === false) || (domain == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.body.rpassword1 != 'string') || (typeof req.body.rpassword2 != 'string') || (req.body.rpassword1 != req.body.rpassword2) || (typeof req.body.rpasswordhint != 'string') || (req.session == null) || (typeof sec.rtuser != 'string') || (typeof sec.rtpass != 'string')) {
             parent.debug('web', 'handleResetPasswordRequest: checks failed');
             delete req.session.e;