1 files changed, 14 insertions, 6 deletions

diff --git a/server/src/auth.rs b/server/src/auth.rs
index 6463eb1..26da82b 100644
--- a/server/src/auth.rs
+++ b/server/src/auth.rs
@@ -8,8 +8,8 @@ use crate::State;
 use anyhow::{Result, anyhow, bail};
 use argon2::{Argon2, PasswordHasher, password_hash::Salt};
 use jellycommon::{
-    USER_LOGIN, USER_PASSWORD,
     jellyobject::{ObjectBuffer, Path},
+    *,
 };
 use jellydb::{Filter, Query, Sort};
 
@@ -25,7 +25,12 @@ pub fn token_to_user(state: &State, token: &str) -> Result<ObjectBuffer> {
     user.ok_or(anyhow!("user was deleted"))
 }
 
-pub fn login(state: &State, username: &str, password: &str, expire: Option<i64>) -> Result<String> {
+pub fn login(
+    state: &State,
+    username: &str,
+    password: &str,
+    expire: Option<i64>,
+) -> Result<(String, bool)> {
     let password = hash_password(username, password);
 
     let mut user_row = None;
@@ -51,10 +56,13 @@ pub fn login(state: &State, username: &str, password: &str, expire: Option<i64>)
         bail!("incorrect password")
     }
 
-    Ok(token::create(
-        &state.session_key,
-        user_row,
-        expire.unwrap_or(60 * 60 * 24 * 30),
+    Ok((
+        token::create(
+            &state.session_key,
+            user_row,
+            expire.unwrap_or(60 * 60 * 24 * 30),
+        ),
+        user.as_object().has(USER_PASSWORD_REQUIRE_CHANGE.0),
     ))
 }