From e9c5f123383e461a890c95368dce6f79d3b84660 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Wed, 12 Aug 2020 09:15:31 +0200
Subject: Do not reuse reset password links

---
 server/lib/redis.ts | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'server/lib')

diff --git a/server/lib/redis.ts b/server/lib/redis.ts
index 5313c4685..a075eee2d 100644
--- a/server/lib/redis.ts
+++ b/server/lib/redis.ts
@@ -84,6 +84,10 @@ class Redis {
     return generatedString
   }
 
+  async removePasswordVerificationString (userId: number) {
+    return this.removeValue(this.generateResetPasswordKey(userId))
+  }
+
   async getResetPasswordLink (userId: number) {
     return this.getValue(this.generateResetPasswordKey(userId))
   }
@@ -290,6 +294,16 @@ class Redis {
     })
   }
 
+  private removeValue (key: string) {
+    return new Promise<void>((res, rej) => {
+      this.client.del(this.prefix + key, err => {
+        if (err) return rej(err)
+
+        return res()
+      })
+    })
+  }
+
   private setObject (key: string, obj: { [id: string]: string }, expirationMilliseconds: number) {
     return new Promise<void>((res, rej) => {
       this.client.hmset(this.prefix + key, obj, (err, ok) => {
-- 
cgit v1.2.3