🔑 fix(AuthService): properly handle reading and deletion of password reset token (#3697)

Marco Beretta 2024-08-19 23:55:33 +02:00 committed by GitHub
parent cebb3751c1
commit d4c0f7267a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -280,9 +280,8 @@ const requestPasswordReset = async (req) => {
* @returns * @returns
*/ */
const resetPassword = async (userId, token, password) => { const resetPassword = async (userId, token, password) => {
let passwordResetToken = await createToken({ let passwordResetToken = await findToken({
userId, userId,
expiresIn: 900,
}); });
if (!passwordResetToken) { if (!passwordResetToken) {
@ -311,7 +310,7 @@ const resetPassword = async (userId, token, password) => {
}); });
} }
await passwordResetToken.deleteOne(); await deleteTokens({ token: passwordResetToken.token });
logger.info(`[resetPassword] Password reset successful. [Email: ${user.email}]`); logger.info(`[resetPassword] Password reset successful. [Email: ${user.email}]`);
return { message: 'Password reset was successful' }; return { message: 'Password reset was successful' };
}; };
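Review bot: The new cleanup call at the end of resetPassword deletes only the record matching `passwordResetToken.token`, so any other reset token still stored for the same user would remain usable after the password has been changed. If `deleteTokens` accepts a user filter (its definition is not shown here), `await deleteTokens({ userId });` would invalidate every outstanding reset token for the account in one step. Separately, the lookup `findToken({ userId })` carries no expiry argument, and nothing in the visible lines checks that the stored token is still within its lifetime; if expiry relies on a database TTL alone, an explicit age check before accepting the token would close the window between expiry and cleanup. The body of resetPassword between the two hunks is not visible, so the token comparison there may already cover part of this.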