fix(auth): remove password reset token after use

kolaente
2026-02-27 14:10:34 +01:00
parent 059958b839
commit 5c2195f9fc
2 changed files with 23 additions and 1 deletions


@@ -65,7 +65,7 @@ func ResetPassword(s *xorm.Session, reset *PasswordReset) (userID int64, err err
return
}
err = removeTokens(s, user, TokenEmailConfirm)
err = removeTokens(s, user, TokenPasswordReset)
if err != nil {
return
}
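Review bot: The call `err = removeTokens(s, user, TokenPasswordReset)` carries the whole single-use guarantee for reset tokens but has no comment saying so, and the neighbouring `TokenEmailConfirm` variant shows how easily the token kind can be mistaken. I would put `// Invalidate every password reset token of this user so a used or leaked token cannot be replayed.` directly above it. Whether the deletion and the password update land atomically depends on how the session is committed, which this hunk does not show; ResetPassword starts and ends outside the hunk. It is also worth confirming that no longer clearing `TokenEmailConfirm` tokens here is intended. The old line was presumably a copy-paste slip, but the commit message does not say so.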


@@ -558,6 +558,28 @@ func TestUserPasswordReset(t *testing.T) {
_, err := ResetPassword(s, reset)
require.NoError(t, err)
})
t.Run("removes password reset token after use", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
defer s.Close()
token := "passwordresettesttoken"
reset := &PasswordReset{
Token: token,
NewPassword: "12345",
}
_, err := ResetPassword(s, reset)
require.NoError(t, err)
err = s.Commit()
require.NoError(t, err)
db.AssertMissing(t, "user_tokens", map[string]interface{}{
"token": token,
"kind": TokenPasswordReset,
})
})
t.Run("without password", func(t *testing.T) {
db.LoadAndAssertFixtures(t)
s := db.NewSession()
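Review bot: The new subtest "removes password reset token after use" checks only that the row is gone from `user_tokens`; it does not exercise the property the fix exists for, namely that a second reset with the same token is rejected. After the `db.AssertMissing` call I would add, in a fresh session (named `s2` here for illustration), `_, err = ResetPassword(s2, reset)` followed by `require.Error(t, err)`. A regression in token lookup or deletion would then surface as an accepted replay rather than only as a leftover row. TestUserPasswordReset starts and ends outside the hunk.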