pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-25 14:26:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

no reset password for external users

Browse Source
This commit is contained in:
miloschwartz
2025-10-30 22:24:07 -07:00
parent e585972b7b
commit da0196a308
1 changed files with 35 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
server/routers/auth/requestPasswordReset.ts
View File

@@ -15,13 +15,11 @@ import config from "@server/lib/config";
import { sendEmail } from "@server/emails"; import { sendEmail } from "@server/emails";
import ResetPasswordCode from "@server/emails/templates/ResetPasswordCode"; import ResetPasswordCode from "@server/emails/templates/ResetPasswordCode";
import { hashPassword } from "@server/auth/password"; import { hashPassword } from "@server/auth/password";
import { UserType } from "@server/types/UserTypes";
export const requestPasswordResetBody = z export const requestPasswordResetBody = z
.object({ .object({
email: z email: z.string().toLowerCase().email()
.string()
.toLowerCase()
.email(),
}) })
.strict(); .strict();
@@ -56,12 +54,35 @@ export async function requestPasswordReset(
.where(eq(users.email, email)); .where(eq(users.email, email));
if (!existingUser || !existingUser.length) { if (!existingUser || !existingUser.length) {
return next( await randomDelay(2000);
createHttpError( logger.debug(
HttpCode.BAD_REQUEST, `Password reset requested for ${email}, but no such user exists`
"A user with that email does not exist"
)
); );
return response<RequestPasswordResetResponse>(res, {
data: {
sentEmail: true
},
success: true,
error: false,
message: "Password reset requested",
status: HttpCode.OK
});
}
if (existingUser[0].type !== UserType.Internal) {
await randomDelay(2000);
logger.debug(
`Password reset requested for ${email}, but user is of type ${existingUser[0].type}`
);
return response<RequestPasswordResetResponse>(res, {
data: {
sentEmail: true
},
success: true,
error: false,
message: "Password reset requested",
status: HttpCode.OK
});
} }
const token = generateRandomString(8, alphabet("0-9", "A-Z", "a-z")); const token = generateRandomString(8, alphabet("0-9", "A-Z", "a-z"));
@@ -120,3 +141,8 @@ export async function requestPasswordReset(
); );
} }
} }
async function randomDelay(maxDelayMs: number) {
const delay = Math.floor(Math.random() * maxDelayMs);
return new Promise((resolve) => setTimeout(resolve, delay));
}