github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-04-30 10:14:53 -05:00
Code Issues 1.4k Packages Projects Releases 54 Wiki Activity

fix: 🔒 Password change now invalidates old token (#102)

Browse Source
This commit is contained in:
Urjeet Patel
2023-01-31 13:32:39 -06:00
committed by GitHub
parent 38f2ab252e
commit 909b4b1c0b
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app-account.js
View File

@@ -94,10 +94,11 @@ app.post('/change-password', (req, res) => {
} }
let hashed = hashPassword(password); let hashed = hashPassword(password);
let token = uuid.v4();
// Note that this doesn't have a WHERE. This table only ever has 1 // Note that this doesn't have a WHERE. This table only ever has 1
// row (maybe that will change in the future? if this this will not work) // row (maybe that will change in the future? if this this will not work)
accountDb.mutate('UPDATE auth SET password = ?', [hashed]); accountDb.mutate('UPDATE auth SET password = ?', [hashed]);
accountDb.mutate('UPDATE sessions SET token = ?', [token]);
res.send({ status: 'ok', data: {} }); res.send({ status: 'ok', data: {} });
}); });