Use the matched user email to send the password reset to (#1366)

pull/1329/head^2
Alex van Andel 2021-12-21 18:31:32 +01:00 committed by GitHub
parent bab72f1514
commit 9d7dc09974
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 18 deletions

View File

@ -1,7 +1,5 @@
import { ResetPasswordRequest } from "@prisma/client";
import dayjs from "dayjs";
import timezone from "dayjs/plugin/timezone";
import utc from "dayjs/plugin/utc";
import { NextApiRequest, NextApiResponse } from "next";
import { sendPasswordResetEmail } from "@lib/emails/email-manager";
@ -10,25 +8,21 @@ import prisma from "@lib/prisma";
import { getTranslation } from "@server/lib/i18n";
dayjs.extend(utc);
dayjs.extend(timezone);
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const t = await getTranslation(req.body.language ?? "en", "common");
if (req.method !== "POST") {
return res.status(405).json({ message: "" });
return res.status(405).end();
}
try {
const rawEmail = req.body?.email;
const maybeUser = await prisma.user.findUnique({
where: {
email: rawEmail,
email: req.body?.email?.toLowerCase(),
},
select: {
name: true,
email: true,
},
});
@ -36,12 +30,11 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(400).json({ message: "Couldn't find an account for this email" });
}
const now = dayjs().toDate();
const maybePreviousRequest = await prisma.resetPasswordRequest.findMany({
where: {
email: rawEmail,
email: maybeUser.email,
expires: {
gt: now,
gt: new Date(),
},
},
});
@ -54,7 +47,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const expiry = dayjs().add(PASSWORD_RESET_EXPIRY_HOURS, "hours").toDate();
const createdResetPasswordRequest = await prisma.resetPasswordRequest.create({
data: {
email: rawEmail,
email: maybeUser.email,
expires: expiry,
},
});
@ -63,10 +56,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
const passwordEmail: PasswordReset = {
language: t,
user: {
name: maybeUser.name,
email: rawEmail,
},
user: maybeUser,
resetLink: `${process.env.BASE_URL}/auth/forgot-password/${passwordRequest.id}`,
};
@ -74,7 +64,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
return res.status(201).json({ message: "Reset Requested" });
} catch (reason) {
console.error(reason);
// console.error(reason);
return res.status(500).json({ message: "Unable to create password reset request" });
}
}