diff --git a/hackerden/front/chat-api.js b/hackerden/front/chat-api.js
index 6561076e..29da6bbb 100644
--- a/hackerden/front/chat-api.js
+++ b/hackerden/front/chat-api.js
@@ -75,10 +75,10 @@ getCurrentUser = async(req, resp) => {
   
   if(user.permissions && user.permissions.length > 0 && user.permissions.length < 10){
     for(let perm of user.permissions){
-      if(perm.indexOf("currentuser")){
+      if(perm.indexOf("currentuser") >= 0){
         challengeId = "owasp2017sensitive"
       } 
-      else if(perm.indexOf("messages")){
+      else if(perm.indexOf("messages") >= 0){
         challengeId = "owasp2017brokenauth"
         break
       }