From 7f04f2e2fe6bcd30a18bedcd8edbe5acde08f54a Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Mon, 6 Apr 2015 17:01:13 +0300
Subject: [PATCH] Do not allow log in if password update fails

---
 app/controllers/epp/sessions_controller.rb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 410dd41cb..47d10dbc2 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -21,6 +21,7 @@ class Epp::SessionsController < EppController
     if @api_user.try(:active) && cert_valid
       if parsed_frame.css('newPW').first
         unless @api_user.update(password: parsed_frame.css('newPW').first.text)
+          response.headers['X-EPP-Returncode'] = '2200'
           handle_errors(@api_user) and return
         end
       end