aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/users/index.ts1
-rw-r--r--server/lib/redis.ts14
-rw-r--r--server/tests/api/server/email.ts4
3 files changed, 19 insertions, 0 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 5ae0dc7a7..5b113feac 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -356,6 +356,7 @@ async function resetUserPassword (req: express.Request, res: express.Response) {
356 user.password = req.body.password 356 user.password = req.body.password
357 357
358 await user.save() 358 await user.save()
359 await Redis.Instance.removePasswordVerificationString(user.id)
359 360
360 return res.status(204).end() 361 return res.status(204).end()
361} 362}
diff --git a/server/lib/redis.ts b/server/lib/redis.ts
index 5313c4685..a075eee2d 100644
--- a/server/lib/redis.ts
+++ b/server/lib/redis.ts
@@ -84,6 +84,10 @@ class Redis {
84 return generatedString 84 return generatedString
85 } 85 }
86 86
87 async removePasswordVerificationString (userId: number) {
88 return this.removeValue(this.generateResetPasswordKey(userId))
89 }
90
87 async getResetPasswordLink (userId: number) { 91 async getResetPasswordLink (userId: number) {
88 return this.getValue(this.generateResetPasswordKey(userId)) 92 return this.getValue(this.generateResetPasswordKey(userId))
89 } 93 }
@@ -290,6 +294,16 @@ class Redis {
290 }) 294 })
291 } 295 }
292 296
297 private removeValue (key: string) {
298 return new Promise<void>((res, rej) => {
299 this.client.del(this.prefix + key, err => {
300 if (err) return rej(err)
301
302 return res()
303 })
304 })
305 }
306
293 private setObject (key: string, obj: { [id: string]: string }, expirationMilliseconds: number) { 307 private setObject (key: string, obj: { [id: string]: string }, expirationMilliseconds: number) {
294 return new Promise<void>((res, rej) => { 308 return new Promise<void>((res, rej) => {
295 this.client.hmset(this.prefix + key, obj, (err, ok) => { 309 this.client.hmset(this.prefix + key, obj, (err, ok) => {
diff --git a/server/tests/api/server/email.ts b/server/tests/api/server/email.ts
index b01a91d48..05c89d2a3 100644
--- a/server/tests/api/server/email.ts
+++ b/server/tests/api/server/email.ts
@@ -123,6 +123,10 @@ describe('Test emails', function () {
123 await resetPassword(server.url, userId, verificationString, 'super_password2') 123 await resetPassword(server.url, userId, verificationString, 'super_password2')
124 }) 124 })
125 125
126 it('Should not reset the password with the same verification string', async function () {
127 await resetPassword(server.url, userId, verificationString, 'super_password3', 403)
128 })
129
126 it('Should login with this new password', async function () { 130 it('Should login with this new password', async function () {
127 user.password = 'super_password2' 131 user.password = 'super_password2'
128 132