diff --git a/src/api/routes/auth/reset.ts b/src/api/routes/auth/reset.ts
index 94053e1a..9ab25dca 100644
--- a/src/api/routes/auth/reset.ts
+++ b/src/api/routes/auth/reset.ts
@@ -10,7 +10,6 @@ import {
} from "@fosscord/util";
import bcrypt from "bcrypt";
import { Request, Response, Router } from "express";
-import { HTTPError } from "lambert-server";
const router = Router();
@@ -20,37 +19,37 @@ router.post(
async (req: Request, res: Response) => {
const { password, token } = req.body as PasswordResetSchema;
- try {
- const { jwtSecret } = Config.get().security;
- const { user } = await checkToken(token, jwtSecret, true);
-
- // the salt is saved in the password refer to bcrypt docs
- const hash = await bcrypt.hash(password, 12);
+ const { jwtSecret } = Config.get().security;
- const data = {
- data: {
- hash,
- valid_tokens_since: new Date(),
+ let user;
+ try {
+ const userTokenData = await checkToken(token, jwtSecret, true);
+ user = userTokenData.user;
+ } catch {
+ throw FieldErrors({
+ password: {
+ message: req.t("auth:password_reset.INVALID_TOKEN"),
+ code: "INVALID_TOKEN",
},
- };
- await User.update({ id: user.id }, data);
-
- // come on, the user has to have an email to reset their password in the first place
- // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
- await Email.sendPasswordChanged(user, user.email!);
-
- res.json({ token: await generateToken(user.id) });
- } catch (e) {
- if ((e as Error).toString() === "Invalid Token")
- throw FieldErrors({
- password: {
- message: req.t("auth:password_reset.INVALID_TOKEN"),
- code: "INVALID_TOKEN",
- },
- });
-
- throw new HTTPError((e as Error).toString(), 400);
+ });
}
+
+ // the salt is saved in the password refer to bcrypt docs
+ const hash = await bcrypt.hash(password, 12);
+
+ const data = {
+ data: {
+ hash,
+ valid_tokens_since: new Date(),
+ },
+ };
+ await User.update({ id: user.id }, data);
+
+ // come on, the user has to have an email to reset their password in the first place
+ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+ await Email.sendPasswordChanged(user, user.email!);
+
+ res.json({ token: await generateToken(user.id) });
},
);
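Review bot: The bare `catch {` around `checkToken` discards the cause, so an expired or tampered token and an unrelated failure (for example a database error inside `checkToken`) all come back as `INVALID_TOKEN` with nothing recorded server-side. Returning one uniform error to the client is reasonable for a reset endpoint, but I would bind the error with `} catch (e) {` and log it with the project's logger before throwing `FieldErrors`, so that repeated failed reset attempts and real outages stay visible to operators. Separately, `Email.sendPasswordChanged(user, user.email!)` now runs outside any try block and after `User.update`, so a mail failure leaves the password already changed while the request fails without returning the new token. Consider making the notification best-effort (catch and log) so the response does not depend on mail delivery. The handler starts outside this hunk, so any validation of `password` done by route middleware is not visible here.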