🔒 fix: Update Token Deletion To Prevent Undefined Field Queries (#9477)

* Refactor deleteTokens to use an array of conditions for querying, ensuring only specified fields are considered for deletion.
* Add error handling to prevent accidental deletion when no query parameters are provided.
* Update AuthService to match the new deleteTokens signature by passing an object instead of a string for email.
Danny Avila 2025-09-05 17:26:02 -04:00 committed by GitHub
parent 1869854d70
commit fff1f1cf27
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 453 additions and 7 deletions

@ -465,7 +465,7 @@ const setOpenIDAuthTokens = (tokenset, res, userId) => {
const resendVerificationEmail = async (req) => {
try {
const { email } = req.body;
await deleteTokens(email);
await deleteTokens({ email });
const user = await findUser({ email }, 'email _id name');
if (!user) {
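Review bot: In resendVerificationEmail, `email` is read from `req.body` and passed into `deleteTokens({ email })` with no check that it is a non-empty string. With the object signature, a missing field reaches deleteTokens as `{ email: undefined }`, and a non-string value is passed through unchanged. Suggest validating at the handler before the call, for example `if (typeof email !== 'string' || !email)` followed by the handler's usual error response, rather than relying on deleteTokens to throw inside the `try`. It is also worth considering whether the delete should run only after `findUser` has confirmed the user exists.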