Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-26 16:41:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #9605, expire all active reset tokens for a uid if that uid generates a new one

Browse Source
This commit is contained in:
Julian Lam
2021-06-11 14:38:56 -04:00
parent f4eb336ad3
commit 229f96f872
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/user/reset.js
View File

@@ -28,6 +28,10 @@ UserReset.validate = async function (code) {
UserReset.generate = async function (uid) { UserReset.generate = async function (uid) {
const code = utils.generateUUID(); const code = utils.generateUUID();
// Invalidate past tokens (must be done prior)
await UserReset.cleanByUid(uid);
await Promise.all([ await Promise.all([
db.setObjectField('reset:uid', code, uid), db.setObjectField('reset:uid', code, uid),
db.sortedSetAdd('reset:issueDate', Date.now(), code), db.sortedSetAdd('reset:issueDate', Date.now(), code),