Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-22 22:59:44 +02:00
Code Issues Releases Activity

feat: Improve security of access tokens (#279)

Browse source 
Closes #275
This commit is contained in:
SimonTagne 2022-08-09 18:03:21 +02:00 committed by GitHub
parent dab38cbc18
commit 7786533a90
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
40 changed files with 273 additions and 133 deletions
Download patch file Download diff file Expand all files Collapse all files

11
server/api/controllers/users/update-password.js
View file

@ -60,12 +60,21 @@ module.exports = {
}
const values = _.pick(inputs, ['password']);
user = await sails.helpers.users.updateOne(user, values, this.req);
user = await sails.helpers.users.updateOne(user, values, currentUser, this.req);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (user.id === currentUser.id) {
const accessToken = sails.helpers.utils.createToken(user.id, user.passwordUpdatedAt);
return {
accessToken,
item: user,
};
}
return {
item: user,
};