From 44707f34c22787a653fe7ebdf55a2d414b1af60e Mon Sep 17 00:00:00 2001
From: Naeem Ullah <enaeemullah@gmail.com>
Date: Tue, 6 Jan 2026 18:06:41 +0500
Subject: [PATCH] Fix password verification logic in UserService

Corrects the password verification by comparing the provided old password with the user's actual stored password instead of the new password.
---
 .../com/mfsys/aconnect/usermanagement/service/UserService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
index 7fe0bf5..a7a453a 100644
--- a/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
+++ b/aconnect/src/main/java/com/mfsys/aconnect/usermanagement/service/UserService.java
@@ -50,7 +50,7 @@ public class UserService {
     User user = userRepository.findById(request.getUserId())
             .orElseThrow(() -> new EntityNotFoundException("User not found with ID: " + request.getUserId()));
 
-    boolean isPasswordValid = PasswordEncryptionService.verifyPassword(request.getOldPassword(), request.getNewPassword());
+    boolean isPasswordValid = PasswordEncryptionService.verifyPassword(request.getOldPassword(), user.getPassword());
     if(!isPasswordValid) {
       throw new OldPasswordNotMatch(request.getPorOrgacode());
     }