From e9c5f123383e461a890c95368dce6f79d3b84660 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 12 Aug 2020 09:15:31 +0200
Subject: Do not reuse reset password links

---
 server/controllers/api/users/index.ts | 1 +
 1 file changed, 1 insertion(+)

(limited to 'server/controllers/api/users')

diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 5ae0dc7a7..5b113feac 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -356,6 +356,7 @@ async function resetUserPassword (req: express.Request, res: express.Response) {
   user.password = req.body.password
 
   await user.save()
+  await Redis.Instance.removePasswordVerificationString(user.id)
 
   return res.status(204).end()
 }
-- 
cgit v1.2.3