reset_password.rb in rodauth-2.24.0

- old
+ new

@@ -128,19 +128,19 @@
           redirect reset_password_email_sent_redirect
         end
 
         password = param(password_param)
         catch_error do
+          unless password_meets_requirements?(password)
+            throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
+          end
+
           if password_match?(password) 
             throw_error_reason(:same_as_existing_password, invalid_field_error_status, password_param, same_as_existing_password_message)
           end
 
           if require_password_confirmation? && password != param(password_confirm_param)
             throw_error_reason(:passwords_do_not_match, unmatched_field_error_status, password_param, passwords_do_not_match_message)
-          end
-
-          unless password_meets_requirements?(password)
-            throw_error_status(invalid_field_error_status, password_param, password_does_not_meet_requirements_message)
           end
 
           transaction do
             before_reset_password
             set_password(password)