github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-29 10:26:49 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

fix: correct forget password redirect (#417)

Browse Source
This commit is contained in:
Borut Svara
2024-11-05 16:04:31 +01:00
committed by GitHub
parent 2f03a88e10
commit f0143251c1
1 changed files with 33 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
packages/better-auth/src/api/routes/forget-password.ts
View File

@@ -1,6 +1,31 @@
import { z } from "zod";
import { createAuthEndpoint } from "../call";
import { APIError } from "better-call";
import type { AuthContext } from "../../init";
function redirectError(
ctx: AuthContext,
callbackURL: string | undefined,
query?: Record<string, string>,
): string {
const url = callbackURL
? new URL(callbackURL, ctx.baseURL)
: new URL(`${ctx.baseURL}/error`);
if (query)
Object.entries(query).forEach(([k, v]) => url.searchParams.set(k, v));
return url.href;
}
function redirectCallback(
ctx: AuthContext,
callbackURL: string,
query?: Record<string, string>,
): string {
const url = new URL(callbackURL, ctx.baseURL);
if (query)
Object.entries(query).forEach(([k, v]) => url.searchParams.set(k, v));
return url.href;
}
export const forgetPassword = createAuthEndpoint(
"/forget-password",
@@ -83,23 +108,22 @@ export const forgetPasswordCallback = createAuthEndpoint(
},
async (ctx) => {
const { token } = ctx.params;
const callbackURL = ctx.query.callbackURL;
const redirectTo = callbackURL.startsWith("http")
? callbackURL
: `${ctx.context.options.baseURL}${callbackURL}`;
const { callbackURL } = ctx.query;
if (!token || !callbackURL) {
throw ctx.redirect(`${ctx.context.baseURL}/error?error=INVALID_TOKEN`);
throw ctx.redirect(
redirectError(ctx.context, callbackURL, { error: "INVALID_TOKEN" }),
);
}
const verification =
await ctx.context.internalAdapter.findVerificationValue(
`reset-password:${token}`,
);
if (!verification || verification.expiresAt < new Date()) {
throw ctx.redirect(`${redirectTo}?error=INVALID_TOKEN`);
throw ctx.redirect(
redirectError(ctx.context, callbackURL, { error: "INVALID_TOKEN" }),
);
}
throw ctx.redirect(
`${redirectTo}${redirectTo.includes("?") ? "&" : "?"}token=${token}`,
);
throw ctx.redirect(redirectCallback(ctx.context, callbackURL, { token }));
},
);