diff --git a/server/controllers/user.controller.js b/server/controllers/user.controller.js
index 7efd7693df..da5f4c615c 100644
--- a/server/controllers/user.controller.js
+++ b/server/controllers/user.controller.js
@@ -295,6 +295,16 @@ export async function updateSettings(req, res) {
     }
     user.username = req.body.username;
 
+    if (req.body.newPassword) {
+      if (user.password === undefined) {
+        user.password = req.body.newPassword;
+        saveUser(res, user);
+      }
+      if (!req.body.currentPassword) {
+        res.status(401).json({ error: 'Current password is not provided.' });
+        return;
+      }
+    }
     if (req.body.currentPassword) {
       const isMatch = await user.comparePassword(req.body.currentPassword);
       if (!isMatch) {