Thream/api
Archived
2
1
Fork 0
Code Issues Pull Requests Releases Activity

fix: on password reset, delete all refresh tokens

Browse Source
This commit is contained in:
Divlo 2022-08-29 16:32:24 +00:00
parent a6dd112e4a
commit b71da7dcc9
No known key found for this signature in database
GPG Key ID: 8F9478F220CE65E9
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/services/users/reset-password/__test__/put.test.ts
View File

@ -25,6 +25,11 @@ await tap.test('PUT /users/reset-password', async (t) => {
return userExample return userExample
} }
}) })
sinon.stub(prisma, 'refreshToken').value({
deleteMany: async () => {
return { count: 1 }
}
})
const response = await application.inject({ const response = await application.inject({
method: 'PUT', method: 'PUT',
url: '/users/reset-password', url: '/users/reset-password',

7
src/services/users/reset-password/put.ts
View File

@ -39,7 +39,7 @@ export const putResetPasswordUser: FastifyPluginAsync = async (fastify) => {
user?.temporaryExpirationToken != null && user?.temporaryExpirationToken != null &&
user.temporaryExpirationToken.getTime() > Date.now() user.temporaryExpirationToken.getTime() > Date.now()
if (user == null || !isValidTemporaryToken) { if (user == null || !isValidTemporaryToken) {
throw fastify.httpErrors.badRequest('"tempToken" is invalid') throw fastify.httpErrors.badRequest('`temporaryToken` is invalid.')
} }
const hashedPassword = await bcrypt.hash(password, 12) const hashedPassword = await bcrypt.hash(password, 12)
await prisma.user.update({ await prisma.user.update({
@ -52,6 +52,11 @@ export const putResetPasswordUser: FastifyPluginAsync = async (fastify) => {
temporaryExpirationToken: null temporaryExpirationToken: null
} }
}) })
await prisma.refreshToken.deleteMany({
where: {
userId: user.id
}
})
reply.statusCode = 200 reply.statusCode = 200
return 'The new password has been saved!' return 'The new password has been saved!'
} }