Invalidate tokens on password change

author: ChrisChrome <christophercookman@gmail.com> 2022-08-10 19:11:04 -0600
committer: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-12-18 23:51:42 +1100
commit: cdb500e8e66e540e044cbea3843b22da8349f8b1 (patch)
tree: 633362c1b7ddbd2ab6370098895ca714108a10e0 /src
parent: Make teams nullable (diff)
download: server-cdb500e8e66e540e044cbea3843b22da8349f8b1.tar.xz
1 files changed, 10 insertions, 2 deletions
diff --git a/src/api/routes/users/@me/index.ts b/src/api/routes/users/@me/index.ts
index 5738776f..3ac48f27 100644
--- a/src/api/routes/users/@me/index.ts
+++ b/src/api/routes/users/@me/index.ts
@@ -9,10 +9,10 @@ import {
 	adjustEmail,
 	Config,
 	UserModifySchema,
+	generateToken,
 } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
-import { HTTPError } from "lambert-server";
 
 const router: Router = Router();
 
@@ -36,6 +36,9 @@ router.patch(
 			select: [...PrivateUserProjection, "data"],
 		});
 
+		// Populated on password change
+		var newToken: string | undefined;
+
 		if (body.avatar)
 			body.avatar = await handleFile(
 				`/avatars/${req.user_id}`,
@@ -94,6 +97,8 @@ router.patch(
 				});
 			}
 			user.data.hash = await bcrypt.hash(body.new_password, 12);
+			user.data.valid_tokens_since = new Date();
+			newToken = await generateToken(user.id) as string;
 		}
 
 		if (body.username) {
@@ -140,7 +145,10 @@ router.patch(
 			data: user,
 		} as UserUpdateEvent);
 
-		res.json(user);
+		res.json({
+			...user,
+			newToken,
+		});
 	},
 );
author	ChrisChrome <christophercookman@gmail.com>	2022-08-10 19:11:04 -0600
committer	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-12-18 23:51:42 +1100
commit	cdb500e8e66e540e044cbea3843b22da8349f8b1 (patch)
tree	633362c1b7ddbd2ab6370098895ca714108a10e0 /src
parent	Make teams nullable (diff)
download	server-cdb500e8e66e540e044cbea3843b22da8349f8b1.tar.xz