From e0e2fc2a445410e4a2dbec2c54986e28d23adcf8 Mon Sep 17 00:00:00 2001
From: juancarmore
Date: Mon, 26 Jan 2026 18:23:02 +0100
Subject: [PATCH] backend: update token and role validator to allow access to change-password and me endpoints when password change is required
---
 meet-ce/backend/src/middlewares/auth.middleware.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meet-ce/backend/src/middlewares/auth.middleware.ts b/meet-ce/backend/src/middlewares/auth.middleware.ts
index ef6748ce..d34242e0 100644
--- a/meet-ce/backend/src/middlewares/auth.middleware.ts
+++ b/meet-ce/backend/src/middlewares/auth.middleware.ts
@@ -135,11 +135,11 @@ export const tokenAndRoleValidator = (...roles: MeetUserRole[]): AuthValidator =
 // Check if password change is required
 if (user.mustChangePassword) {
- // Allow only change password endpoint when password change is required
+ // Allow only change-password and me endpoints
 const requestPath = req.path;
- const allowedPath = `${INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1}/users/change-password`;
+ const allowedPaths = ['/change-password', '/me'];
- if (requestPath !== allowedPath) {
+ if (!allowedPaths.includes(requestPath)) {
 throw errorPasswordChangeRequired();
 }
 }
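Review bot: The new allowlist in the `mustChangePassword` branch holds router-relative paths (`'/change-password'`, `'/me'`), and Express reports `req.path` relative to the router the middleware is mounted on. If `tokenAndRoleValidator` also guards a router other than the users one, a `/me` or `/change-password` route there would pass the forced-password-change gate too. Anchoring the comparison to the full path would keep the exemption tied to the two intended endpoints, e.g. `const requestPath = req.baseUrl + req.path;` with entries built from `INTERNAL_CONFIG.INTERNAL_API_BASE_PATH_V1 + '/users'`, assuming the users router still lives under the prefix the removed line used. The check also ignores `req.method`, so every verb on `/me` is let through; if only reading the profile is meant to be allowed, pair each path with its method. The validator's body starts and ends outside this hunk, so the mount points are not visible here.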