Clear reset password token after reset password. _perishable_token is not a parse field, cannot clear it through rest. Update it separately. #951

This commit is contained in:
Carmen
2016-03-22 20:26:38 +08:00
parent 53e152e975
commit b3c5e836d5


@@ -168,7 +168,15 @@ export class UserController extends AdaptableController {
updatePassword(username, token, password, config) {
return this.checkResetTokenValidity(username, token).then((user) => {
return updateUserPassword(user._id, password, this.config);
});
}).then(() => {
// clear reset password token
return this.config.database.adaptiveCollection('_User').then(function (collection) {
// Need direct database access because verification token is not a parse field
return collection.findOneAndUpdate({ username: username },// query
{ $set: { _perishable_token: null } } // update
);
});
});
}
defaultVerificationEmail({link, user, appName, }) {
@@ -195,8 +203,7 @@ export class UserController extends AdaptableController {
// Mark this private
function updateUserPassword(userId, password, config) {
return rest.update(config, Auth.master(config), '_User', userId, {
password: password,
_perishable_token: null
password: password
});
}
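Review bot: In `updatePassword`, the reset token is cleared by a second write that runs only after the password has already been changed and that matches on `username` alone, so if that write fails, or two requests carrying the same token overlap, the password changes while `_perishable_token` stays valid and the reset link remains usable. Putting the token into the filter turns the clear into a single-use check, `collection.findOneAndUpdate({ username: username, _perishable_token: token }, { $set: { _perishable_token: null } })`, and running it before `updateUserPassword` and rejecting when nothing matched would let only one request succeed. Whether `username` and `token` are guaranteed to be plain strings at this point is not visible in the hunk; because they now feed a raw database filter rather than the `rest` layer, a `typeof ... === 'string'` guard before the query is worth adding. A test that replays the same token after a successful reset would pin the intended behaviour.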