Expire password reset tokens if user's email changes.

2018-10-04 10:35:00 -07:00
parent 152ff41cf8
commit 6ebce1832b
3 changed files with 31 additions and 15 deletions
--- a/src/Routers/ClassesRouter.js
+++ b/src/Routers/ClassesRouter.js
@@ -105,6 +105,17 @@ export class ClassesRouter extends PromiseRouter {
    );
  }

+  afterUpdate(req, response) {
+    if (this.className(req) === '_User' && ('email' in req.body)) {
+      const userController = req.config.userController;
+      return userController.clearPasswordResetToken(req.params.objectId)
+        .then(() =>
+          response
+        );
+    }
+    return Promise.resolve(response);
+  }
+
  handleUpdate(req) {
    const where = { objectId: req.params.objectId };
    return rest.update(
@@ -114,7 +125,7 @@ export class ClassesRouter extends PromiseRouter {
      where,
      req.body,
      req.info.clientSDK
-    );
+    ).then(this.afterUpdate.bind(this, req));
  }

  handleDelete(req) {