refactor: remove "password" in comments

src/api/users.js

@@ -67,8 +67,8 @@ usersAPI.update = async function (caller, data) {
 		privileges.users.canEdit(caller.uid, data.uid),
 	]);
 
-	// Changing own email/username requires password confirmation
+	const isChangingEmailOrUsername = data.hasOwnProperty('email') || data.hasOwnProperty('username');
-	if (data.hasOwnProperty('email') || data.hasOwnProperty('username')) {
+	if (isChangingEmailOrUsername) {
 		await isPrivilegedOrSelfAndPasswordMatch(caller, data);
 	}
 
@@ -547,7 +547,6 @@ async function processDeletion({ uid, method, password, caller }) {
 		throw new Error('[[error:no-privileges]]');
 	}
 
-	// Self-deletions require a password
 	const hasPassword = await user.hasPassword(uid);
 	if (isSelf && hasPassword) {
 		const ok = await user.isPasswordCorrect(uid, password, caller.ip);

src/cli/setup.js

@@ -51,8 +51,7 @@ async function setup(initConfig) {
 	}
 	console.log('NodeBB Setup Completed. Run "./nodebb start" to manually start your NodeBB server.');
 
-	// If I am a child process, notify the parent of the returned data before exiting (useful for notifying
+	// If I am a child process, notify the parent of the returned data before exiting (useful for notifying hosts during headless setups)
-	// hosts of auto-generated username/password during headless setups)
 	if (process.send) {
 		process.send(data);
 	}

src/install.js

@@ -370,26 +370,21 @@ async function createAdmin() {
 	}
 
 	async function retryPassword(originalResults) {
-		// Ask only the password questions
 		const results = await prompt.get(passwordQuestions);
 
-		// Update the original data with newly collected password
 		originalResults.password = results.password;
 		originalResults['password:confirm'] = results['password:confirm'];
 
-		// Send back to success to handle
 		return await success(originalResults);
 	}
 
-	// Add the password questions
 	questions = questions.concat(passwordQuestions);
 
 	if (!install.values) {
 		const results = await prompt.get(questions);
 		return await success(results);
 	}
-	// If automated setup did not provide a user password, generate one,
+
-	// it will be shown to the user upon setup completion
 	if (!install.values.hasOwnProperty('admin:password') && !nconf.get('admin:password')) {
 		console.log('Password was not provided during automated setup, generating one...');
 		password = utils.generateUUID().slice(0, 8);

src/middleware/admin.js

@@ -47,7 +47,6 @@ middleware.checkPrivileges = helpers.try(async (req, res, next) => {
 		}
 	}
 
-	// If user does not have password
 	const hasPassword = await user.hasPassword(req.uid);
 	if (!hasPassword) {
 		return next();

src/socket.io/user.js

@@ -24,7 +24,6 @@ require('./user/status')(SocketUser);
 require('./user/picture')(SocketUser);
 require('./user/registration')(SocketUser);
 
-// Password Reset
 SocketUser.reset = {};
 
 SocketUser.reset.send = async function (socket, email) {

src/user/data.js

@@ -82,7 +82,6 @@ module.exports = function (User) {
 		if (!fields.length) {
 			fields = results.whitelist;
 		} else {
-			// Never allow password retrieval via this method
 			fields = fields.filter(value => value !== 'password');
 		}
 

src/user/index.js

@@ -244,7 +244,7 @@ User.addInterstitials = function (callback) {
 	plugins.hooks.register('core', {
 		hook: 'filter:register.interstitial',
 		method: [
-			User.interstitials.email, // Email address (for password reset + digest)
+			User.interstitials.email, // Email address
 			User.interstitials.gdpr, // GDPR information collection/processing consent + email consent
 			User.interstitials.tou, // Forum Terms of Use
 		],

src/user/reset.js

@@ -108,7 +108,6 @@ UserReset.commit = async function (code, password) {
 		'password:shaWrapped': 1,
 	};
 
-	// don't verify email if password reset is due to expiry
 	const isPasswordExpired = userData.passwordExpiry && userData.passwordExpiry < Date.now();
 	if (!isPasswordExpired) {
 		data['email:confirmed'] = 1;