matt/stratos
1
0
Fork 0
mirror of https://github.com/matt-fidd/stratos.git synced 2026-01-01 20:19:30 +00:00
Code Issues Projects Releases Wiki Activity

Rewrite PasswordReset constructor to check for token in record

Browse Source
This commit is contained in:
matt
2022-02-14 10:28:16 +00:00
parent 179bd4ce93
commit 53ac018d40
1 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/PasswordReset.js
View File

@@ -11,21 +11,28 @@ class PasswordReset {
nonce; nonce;
expires; expires;
constructor(userId) { constructor(userId, token) {
const sql = ` const sql = `
select select
userId,
token, token,
nonce, nonce,
expires, UNIX_TIMESTAMP(expires) as expires
userId
from passwordReset from passwordReset
where where
userId = ?; userId = ?
and token = ?;
`; `;
return (async () => { return (async () => {
const conn = await new DatabaseConnectionPool(); const conn = await new DatabaseConnectionPool();
const record = await conn.runQuery(sql, [ userId ]); const record = await conn.runQuery(sql, [
userId,
token
]);
if (!record.length)
throw new Error('No password reset found');
for (const [ k, v ] of Object.entries(record[0])) for (const [ k, v ] of Object.entries(record[0]))
this[k] = v; this[k] = v;
@@ -85,7 +92,7 @@ class PasswordReset {
expires expires
]); ]);
return new PasswordReset(u.id); return new PasswordReset(u.id, token);
} }
} }