Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: clear reset tokens on successful login

Browse Source
This commit is contained in:
Julian Lam
2021-06-14 11:50:32 -04:00
parent c7006ec6b4
commit f9728aff2c
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/controllers/authentication.js
View File

@@ -360,6 +360,7 @@ authenticationController.onSuccessfulLogin = async function (req, uid) {
await meta.blacklist.test(req.ip);
await user.logIP(uid, req.ip);
await user.bans.unbanIfExpired([uid]);
await user.reset.cleanByUid(uid);
req.session.meta = {};

7
test/authentication.js
View File

@@ -556,4 +556,11 @@ describe('authentication', () => {
},
], done);
});
it('should clear all reset tokens upon successful login', async () => {
const code = await user.reset.generate(regularUid);
await loginUserPromisified('regular', 'regularpwd');
const valid = await user.reset.validate(code);
assert.strictEqual(valid, false);
});
});