mirror of
https://github.com/HeyPuter/puter
synced 2024-11-15 06:15:47 +00:00
Fix false-positive password recovery response
parent
f5f75dbef8
commit
5c1e6ab16b
@ -53,10 +53,15 @@ router.post('/set-pass-using-token', express.json(), async (req, res, next)=>{
|
|||||||
return res.status(400).send(`Password must be at least ${config.min_pass_length} characters long.`)
|
return res.status(400).send(`Password must be at least ${config.min_pass_length} characters long.`)
|
||||||
|
|
||||||
try{
|
try{
|
||||||
await db.write(
|
const info = await db.write(
|
||||||
'UPDATE user SET password=?, pass_recovery_token=NULL WHERE `uuid` = ? AND pass_recovery_token = ?',
|
'UPDATE user SET password=?, pass_recovery_token=NULL WHERE `uuid` = ? AND pass_recovery_token = ?',
|
||||||
[await bcrypt.hash(req.body.password, 8), req.body.user_id, req.body.token]
|
[await bcrypt.hash(req.body.password, 8), req.body.user_id, req.body.token]
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if ( ! info?.anyRowsAffected ) {
|
||||||
|
return res.status(400).send('Invalid token or user_id.');
|
||||||
|
}
|
||||||
|
|
||||||
invalidate_cached_user_by_id(req.body.user_id);
|
invalidate_cached_user_by_id(req.body.user_id);
|
||||||
|
|
||||||
return res.send('Password successfully updated.')
|
return res.send('Password successfully updated.')
|
||||||
|
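Review bot: The new `if ( ! info?.anyRowsAffected )` branch returns the 400 without recording anything, so repeated failed token redemptions against this endpoint leave no trace for detection. Consider emitting an audit log entry or counter in that branch (user_id and source address, never the token or the password), and adding a comment such as `// no row matched: token/user_id pair is wrong or already consumed, so report failure instead of success`. Keeping one generic message for both causes is right, since it does not reveal which of the two values was wrong. Whether the route is rate limited and whether the recovery token expires cannot be seen from here; the handler starts above the hunk and its `try` block closes below it.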