diff options
author | ChrisChrome <christophercookman@gmail.com> | 2022-08-10 19:11:04 -0600 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-18 23:51:42 +1100 |
commit | cdb500e8e66e540e044cbea3843b22da8349f8b1 (patch) | |
tree | 633362c1b7ddbd2ab6370098895ca714108a10e0 /src/api/routes | |
parent | Make teams nullable (diff) | |
download | server-cdb500e8e66e540e044cbea3843b22da8349f8b1.tar.xz |
Invalidate tokens on password change
Diffstat (limited to 'src/api/routes')
-rw-r--r-- | src/api/routes/users/@me/index.ts | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/api/routes/users/@me/index.ts b/src/api/routes/users/@me/index.ts index 5738776f..3ac48f27 100644 --- a/src/api/routes/users/@me/index.ts +++ b/src/api/routes/users/@me/index.ts @@ -9,10 +9,10 @@ import { adjustEmail, Config, UserModifySchema, + generateToken, } from "@fosscord/util"; import { route } from "@fosscord/api"; import bcrypt from "bcrypt"; -import { HTTPError } from "lambert-server"; const router: Router = Router(); @@ -36,6 +36,9 @@ router.patch( select: [...PrivateUserProjection, "data"], }); + // Populated on password change + var newToken: string | undefined; + if (body.avatar) body.avatar = await handleFile( `/avatars/${req.user_id}`, @@ -94,6 +97,8 @@ router.patch( }); } user.data.hash = await bcrypt.hash(body.new_password, 12); + user.data.valid_tokens_since = new Date(); + newToken = await generateToken(user.id) as string; } if (body.username) { @@ -140,7 +145,10 @@ router.patch( data: user, } as UserUpdateEvent); - res.json(user); + res.json({ + ...user, + newToken, + }); }, ); |