diff --git a/webserver.js b/webserver.js index 7ef83adad8..1e88f3d3ce 100644 --- a/webserver.js +++ b/webserver.js @@ -1635,7 +1635,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF const sec = parent.decryptSessionData(req.session.e); // Check everything is ok - const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (typeof domain.passwordrequirements.reset === 'number' && domain.passwordrequirements.allowaccountreset !== false)); + const allowAccountReset = ((typeof domain.passwordrequirements != 'object') || (domain.passwordrequirements.allowaccountreset !== false)); if ((allowAccountReset === false) || (domain == null) || (domain.auth == 'sspi') || (domain.auth == 'ldap') || (typeof req.body.rpassword1 != 'string') || (typeof req.body.rpassword2 != 'string') || (req.body.rpassword1 != req.body.rpassword2) || (typeof req.body.rpasswordhint != 'string') || (req.session == null) || (typeof sec.rtuser != 'string') || (typeof sec.rtpass != 'string')) { parent.debug('web', 'handleResetPasswordRequest: checks failed'); delete req.session.e;