Use loginAttempt service for change password

elastic · Nov 20, 2018 · 612eeb3 · 612eeb3
1 parent 1ca91dd
commit 612eeb3
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/x-pack/plugins/security/server/routes/api/v1/users.js b/x-pack/plugins/security/server/routes/api/v1/users.js
@@ -105,9 +105,8 @@ export function initUsersApi(server) {
 
         // Now we authenticate user with the new password again updating current session if any.
         if (isCurrentUser) {
-          const authenticationResult = await server.plugins.security.authenticate(
-            BasicCredentials.decorateRequest(request, username, newPassword)
-          );
+          request.loginAttempt().setCredentials(username, newPassword);
+          const authenticationResult = await server.plugins.security.authenticate(request);
 
           if (!authenticationResult.succeeded()) {
             throw Boom.unauthorized((authenticationResult.error));