Allow password changes for external registrations

server/routes/index.js

@@ -277,7 +277,9 @@ router.get('/user/manage', ensureLogin, wrap(async (req, res) => {
 
 // Change password
 router.get('/user/manage/password', ensureLogin, wrap(async (req, res) => {
-  res.render('user/password_new')
+  let socialStatus = await API.User.socialStatus(req.session.user)
+
+  res.render('user/password_new', {token: socialStatus.password})
 }))
 
 // Change email
@@ -458,7 +460,7 @@ router.post('/login/reset', accountLimiter, csrfValidation, wrap(async (req, res
   }
 
   try {
-    await API.User.Reset.reset(email)
+    await API.User.Reset.reset(email, false)
 
     req.flash('message', {error: false, text: 'We\'ve sent a link to your email address. Please check spam folders, too!'})
     res.redirect('/login/reset?success=true')
@@ -631,15 +633,18 @@ router.post('/user/manage', csrfValidation, wrap(async (req, res, next) => {
 // Change user password
 router.post('/user/manage/password', accountLimiter, csrfValidation, wrap(async (req, res, next) => {
   if (!req.session.user) return next()
+  let user = req.session.user
+  let socialStatus = await API.User.socialStatus(user)
 
-  if (!req.body.password_old) {
+  if (!req.body.password_old && socialStatus.password) {
     return formError(req, res, 'Please enter your current password.')
   }
 
-  let user = req.session.user
+  if (socialStatus.password) {
-  let passwordMatch = await API.User.Login.password(user, req.body.password_old)
+    let passwordMatch = await API.User.Login.password(user, req.body.password_old)
-  if (!passwordMatch) {
+    if (!passwordMatch) {
-    return formError(req, res, 'The password you provided is incorrect.')
+      return formError(req, res, 'The password you provided is incorrect.')
+    }
   }
 
   let password = req.body.password