
fix: invalidate all refresh tokens and populate a new token for the current session on password change

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/9176/head
Pranav C 4 months ago
parent
commit
7795f0405d
  1. 5
      packages/nocodb/src/modules/auth/auth.controller.ts
  2. 3
      packages/nocodb/src/services/users/users.service.ts

5
packages/nocodb/src/modules/auth/auth.controller.ts

@ -140,7 +140,7 @@ export class AuthController {
scope: 'org', scope: 'org',
}) })
@HttpCode(200) @HttpCode(200)
async passwordChange(@Req() req: NcRequest): Promise<any> { async passwordChange(@Req() req: NcRequest, @Res() res): Promise<any> {
if (!(req as any).isAuthenticated?.()) { if (!(req as any).isAuthenticated?.()) {
NcError.forbidden('Not allowed'); NcError.forbidden('Not allowed');
} }
@ -151,6 +151,9 @@ export class AuthController {
body: req.body, body: req.body,
}); });
// set new refresh token
await this.setRefreshToken({ req, res });
return { msg: 'Password has been updated successfully' }; return { msg: 'Password has been updated successfully' };
} }
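Review bot: Injecting `@Res() res` in the new signature at line 23 puts this handler into Nest's library-specific response mode, so the plain `return { msg: 'Password has been updated successfully' };` at the end of the hunk is no longer serialized by the framework and the request would hang unless `setRefreshToken` itself ends the response, which the hunk does not show. Either keep the standard pipeline with `@Res({ passthrough: true }) res: Response` or send explicitly with `return res.json({ msg: 'Password has been updated successfully' });`. The parameter is also left without an annotation (an implicit `any`), so giving it the express `Response` type would be worth doing in the same change. The body of passwordChange between the two hunks is outside the page.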

3
packages/nocodb/src/services/users/users.service.ts

@ -201,6 +201,9 @@ export class UsersService {
token_version: randomTokenString(), token_version: randomTokenString(),
}); });
// delete all refresh token and populate a new one
await UserRefreshToken.deleteAllUserToken(user.id);
this.appHooksService.emit(AppEvents.USER_PASSWORD_CHANGE, { this.appHooksService.emit(AppEvents.USER_PASSWORD_CHANGE, {
user: user, user: user,
ip: param.req?.clientIp, ip: param.req?.clientIp,
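Review bot: The comment added at line 41 promises that a new refresh token is populated here, but the only new call is `UserRefreshToken.deleteAllUserToken(user.id)`; issuing the replacement token happens in the caller, which this hunk does not show, so a reader of the service alone would look for code that is not there. Suggest `// revoke every stored refresh token for this user; the caller issues a fresh one for the current session`. Note also that the revocation runs after the password and `token_version` update at line 39 rather than as part of it, so a failure in `deleteAllUserToken` would leave the new password saved while the USER_PASSWORD_CHANGE event below is never emitted; whether the update and the delete share a transaction is not visible here. passwordChange starts and ends outside the hunk.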
