MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Invalidate reset code once used

This commit is contained in:
Adria Navarro 2023-12-29 15:06:04 +01:00
parent 6909cbed29
commit f722f9e2d6
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
packages/backend-core/src/cache/passwordReset.ts vendored
View File

@ -1,6 +1,6 @@
import * as redis from "../redis/init" import * as redis from "../redis/init"
import * as utils from "../utils" import * as utils from "../utils"
import { Duration, DurationType } from "../utils" import { Duration } from "../utils"
const TTL_SECONDS = Duration.fromHours(1).toSeconds() const TTL_SECONDS = Duration.fromHours(1).toSeconds()
@ -36,3 +36,12 @@ export async function getCode(code: string): Promise<PasswordReset> {
} }
return value return value
} }
/**
* Given a reset code this will invalidate it.
* @param code The code provided via the email link.
*/
export async function invalidateCode(code: string): Promise<void> {
const client = await redis.getPasswordResetClient()
await client.delete(code)
}

2
packages/worker/src/sdk/auth/auth.ts
View File

@ -79,6 +79,8 @@ export const resetUpdate = async (resetCode: string, password: string) => {
user.password = password user.password = password
user = await userSdk.db.save(user) user = await userSdk.db.save(user)
await cache.passwordReset.invalidateCode(resetCode)
// remove password from the user before sending events // remove password from the user before sending events
delete user.password delete user.password
await events.user.passwordReset(user) await events.user.passwordReset(user)