Invalidate tokens on password change
This commit is contained in:
ChrisChrome
Madeline
parent
39f4aa6b70
commit
cdb500e8e6
@ -9,10 +9,10 @@ import {
|
|||||||
adjustEmail,
|
adjustEmail,
|
||||||
Config,
|
Config,
|
||||||
UserModifySchema,
|
UserModifySchema,
|
||||||
|
generateToken,
|
||||||
} from "@fosscord/util";
|
} from "@fosscord/util";
|
||||||
import { route } from "@fosscord/api";
|
import { route } from "@fosscord/api";
|
||||||
import bcrypt from "bcrypt";
|
import bcrypt from "bcrypt";
|
||||||
import { HTTPError } from "lambert-server";
|
|
||||||
|
|
||||||
const router: Router = Router();
|
const router: Router = Router();
|
||||||
|
|
||||||
@ -36,6 +36,9 @@ router.patch(
|
|||||||
select: [...PrivateUserProjection, "data"],
|
select: [...PrivateUserProjection, "data"],
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// Populated on password change
|
||||||
|
var newToken: string | undefined;
|
||||||
|
|
||||||
if (body.avatar)
|
if (body.avatar)
|
||||||
body.avatar = await handleFile(
|
body.avatar = await handleFile(
|
||||||
`/avatars/${req.user_id}`,
|
`/avatars/${req.user_id}`,
|
||||||
@ -94,6 +97,8 @@ router.patch(
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
user.data.hash = await bcrypt.hash(body.new_password, 12);
|
user.data.hash = await bcrypt.hash(body.new_password, 12);
|
||||||
|
user.data.valid_tokens_since = new Date();
|
||||||
|
newToken = await generateToken(user.id) as string;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (body.username) {
|
if (body.username) {
|
||||||
@ -140,7 +145,10 @@ router.patch(
|
|||||||
data: user,
|
data: user,
|
||||||
} as UserUpdateEvent);
|
} as UserUpdateEvent);
|
||||||
|
|
||||||
res.json(user);
|
res.json({
|
||||||
|
...user,
|
||||||
|
newToken,
|
||||||
|
});
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user