redirect: when logging in to ezidam, if user has expired password reset token, delete it

2023-05-01 22:18:50 +02:00 · 2023-05-01 22:18:50 +02:00 · 0baeeadce9
commit 0baeeadce9
parent da4b204601
3 changed files with 22 additions and 1 deletions
--- a/crates/ezidam/src/routes/oauth/authorize.rs
+++ b/crates/ezidam/src/routes/oauth/authorize.rs
@ -208,9 +208,11 @@ pub async fn authorize_form(
    // Generate authorization code
    let code = task::spawn_blocking(|| SecretString::new(AUTHORIZATION_CODE_LEN)).await?;

-    // Save authorization code
    let mut transaction = db.begin().await?;
+
+    // Save authorization code
    AuthorizationCode::insert(&mut transaction, code.as_ref(), app.id(), &user_id).await?;
+
    transaction.commit().await?;

    // Redirect to oauth redirect uri
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@ -123,6 +123,18 @@ pub async fn redirect_page(
        cookie_jar.add(cookie);
    }

+    // If user has unused password reset token
+    if let Some(password_recover) = user
+        .password_recover()
+        .map_err(|e| Error::internal_server_error(format!("Password recover: {e}")))?
+    {
+        // If it has expired, delete it
+        if password_recover.has_expired() {
+            user.set_password_reset_token(&mut transaction, None)
+                .await?;
+        }
+    }
+
    transaction.commit().await?;

    // HTTP Response