🔑 fix(AuthService): properly handle reading and deletion of password reset token (#3697)

Marco Beretta 2024-08-19 23:55:33 +02:00 committed by GitHub
parent cebb3751c1
commit d4c0f7267a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -280,9 +280,8 @@ const requestPasswordReset = async (req) => {
* @returns
*/
const resetPassword = async (userId, token, password) => {
let passwordResetToken = await createToken({
let passwordResetToken = await findToken({
userId,
expiresIn: 900,
});
if (!passwordResetToken) {
@ -311,7 +310,7 @@ const resetPassword = async (userId, token, password) => {
});
}
await passwordResetToken.deleteOne();
await deleteTokens({ token: passwordResetToken.token });
logger.info(`[resetPassword] Password reset successful. [Email: ${user.email}]`);
return { message: 'Password reset was successful' };
};
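Review bot: The `deleteTokens({ token: passwordResetToken.token })` call at the end of `resetPassword` clears only the record that was just used, so any other reset token issued earlier to the same user would remain redeemable after the password has changed. If `deleteTokens` accepts the same filter shape as `findToken`, `await deleteTokens({ userId });` would invalidate all of them in one step. Separately, the `findToken({ userId })` lookup in the first hunk carries no visible expiry or token-type condition. The token comparison and any expiry check sit between the two hunks and are not shown, so it is worth confirming that an expired record, or a token of another kind stored for the same user, cannot be returned and accepted here.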